Log analysis and evaluation: Windows 7 - Popups and tabs with advertising open when opening websites
26.01.2014, 13:53 | #1 |
Windows 7 - Popups and tabs with advertising open when opening websites

Hello dear Trojaner-Board team,

after you completely cleaned up my laptop, I now need help with my PC. When I open various websites, masses of popups open automatically, as well as tabs with advertising and download suggestions for system cleanup. In addition, it keeps wanting me to download a Setup.exe (this also opens just like that, as if I had clicked on Download somewhere). It also keeps closing your website and tells me the following:

´´ Web page reported as a fraud attempt! The web page at download.adobaoom.com has been reported as a fraud attempt and has been blocked according to your security settings. With fraudulent sites, criminals try to get you to reveal personal or financial data. To do so, they fraudulently imitate web pages or e-mails that you may trust. If you enter personal data here, you must expect identity theft or other fraud.´´

I would be very grateful for your help.

Log files: FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01 Ran by Artyrius (administrator) on RAMSIS on 26-01-2014 13:28:59 Running from C:\Users\Artyrius\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) D:\Itunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - D:\Itunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-18] (Adobe Systems Incorporated) HKU\Mein Kleines\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
Startup: C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Mein Kleines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{B9ED0378-DE4A-4E0F-968C-92EB130CC32F}: [NameServer]8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default FF SearchEngineOrder.1: Ask Search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Itunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SuperLyrics-16 - C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com [2014-01-17] FF Extension: Battlefield Play4Free - C:\Users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\Extensions\battlefieldplay4free@ea.com [2012-08-25] FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-03-19] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-03-19] FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-03-19] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (SuperLyrics-16) - C:\Users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-11-10] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx [2011-10-13] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\virtkbd.crx [2011-10-13] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2011-10-13] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-02] () ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-26 13:28 - 2014-01-26 13:29 - 00010935 _____ C:\Users\Artyrius\Desktop\FRST.txt 2014-01-26 13:28 - 2014-01-26 13:28 - 00000000 ____D C:\FRST 2014-01-26 13:27 - 2014-01-26 13:27 - 02078208 _____ (Farbar) C:\Users\Artyrius\Desktop\FRST64.exe 2014-01-26 13:27 - 2014-01-26 13:27 - 00370971 _____ C:\Users\Artyrius\Desktop\gmer_2.1.19355.zip 2014-01-26 13:25 - 2014-01-26 13:25 - 00000548 _____ C:\Users\Artyrius\Desktop\defogger_disable.log 2014-01-26 13:25 - 2014-01-26 13:25 - 00000168 _____ C:\Users\Artyrius\defogger_reenable 2014-01-26 13:24 - 2014-01-26 13:24 - 00050477 _____ C:\Users\Artyrius\Desktop\Defogger.exe 2014-01-17 12:45 - 2014-01-17 12:45 - 01236282 _____ C:\Users\Artyrius\Desktop\adwcleaner_3.017.exe 2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iTunes 2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iPod 2014-01-10 16:05 - 2014-01-10 18:03 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Apple Computer 2014-01-03 01:19 - 2014-01-03 01:19 - 00000244 _____ C:\Users\Artyrius\Desktop\Battlefield 2 Complete Collection.lnk 2014-01-02 21:19 - 2014-01-02 21:19 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images 2014-01-02 21:18 - 2014-01-02 21:55 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\DAEMON Tools Lite 2014-01-02 21:18 - 2014-01-02 21:18 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-01-02 21:18 - 2014-01-02 21:18 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2014-01-02 21:18 - 2014-01-02 21:18 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2014-01-02 21:17 - 2014-01-02 21:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2014-01-02 21:16 - 2014-01-02 21:17 - 13485616 _____ (Disc Soft Ltd) 
C:\Users\Artyrius\Downloads\DTLite4481-0347.exe 2014-01-02 18:51 - 2014-01-02 18:51 - 00002153 _____ C:\Users\Artyrius\Desktop\Punkbuster Updatetool Win 3.4 Setup.lnk 2014-01-02 18:35 - 2014-01-02 18:35 - 00000648 _____ C:\Users\Artyrius\Desktop\Battlefield 2.lnk 2014-01-02 18:27 - 2014-01-02 18:27 - 00000937 _____ C:\Users\Public\Desktop\Battlefield Bad Company 2.lnk 2014-01-02 18:26 - 2014-01-02 18:26 - 02434856 _____ C:\Windows\SysWOW64\pbsvc.exe 2014-01-02 18:24 - 2014-01-02 18:24 - 00735889 _____ C:\Users\Artyrius\Downloads\pbsetup_3.4.zip 2014-01-02 18:21 - 2014-01-02 18:22 - 00614784 _____ C:\Users\Artyrius\Downloads\punkbuster-updatetool-win-3-4.exe 2014-01-02 16:14 - 2014-01-02 16:15 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 4 2014-01-02 16:14 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\ESN 2014-01-02 16:13 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130(1).exe 2014-01-02 16:12 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130.exe 2014-01-02 15:41 - 2014-01-10 15:54 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2014-01-02 15:41 - 2014-01-02 15:41 - 00000869 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2014-01-02 15:41 - 2014-01-02 15:41 - 00000853 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2014-01-02 15:40 - 2014-01-02 15:40 - 00000000 ____D C:\ProgramData\Package Cache 2014-01-02 15:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-01-02 15:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-01-02 15:40 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-01-02 15:40 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-01-02 15:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) 
C:\Windows\system32\XAPOFX1_5.dll 2014-01-02 15:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-01-02 15:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00024920 _____ 
(Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-01-02 15:40 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-01-02 15:40 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-01-02 15:40 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-01-02 15:40 - 2009-03-16 
14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-01-02 15:40 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-01-02 15:40 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-01-02 15:40 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-01-02 15:40 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-01-02 15:40 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-01-02 15:40 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 
2014-01-02 15:40 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-01-02 15:40 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-01-02 15:40 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-01-02 15:40 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-01-02 15:40 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-01-02 15:40 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-01-02 15:40 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-01-02 15:40 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-01-02 15:40 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-01-02 15:40 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-01-02 15:40 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-01-02 15:40 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-01-02 15:40 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) 
C:\Windows\system32\D3DCompiler_39.dll 2014-01-02 15:40 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-01-02 15:40 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-01-02 15:40 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-01-02 15:40 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-01-02 15:40 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-01-02 15:40 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-01-02 15:40 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-01-02 15:40 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-01-02 15:40 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-01-02 15:40 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-01-02 15:40 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-01-02 15:40 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-01-02 15:40 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-01-02 15:40 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-01-02 15:40 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-01-02 15:40 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-01-02 15:40 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-01-02 15:40 - 2008-03-05 16:03 - 
00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-01-02 15:40 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-01-02 15:40 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-01-02 15:40 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-01-02 15:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-01-02 15:40 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-01-02 15:40 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-01-02 15:40 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-01-02 15:40 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-01-02 15:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-01-02 15:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-01-02 15:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-01-02 15:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-01-02 15:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-01-02 15:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-01-02 15:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-01-02 15:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-01-02 15:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 
2014-01-02 15:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-01-02 15:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-01-02 15:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-01-02 15:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-01-01 22:22 - 2014-01-01 22:22 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Justice 2014-01-01 21:55 - 2014-01-01 21:55 - 00000000 ____D C:\Program Files (x86)\EA GAMES 2014-01-01 20:36 - 2014-01-01 21:37 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 2 2014-01-01 20:36 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-01-01 20:35 - 2014-01-02 18:26 - 00203535 _____ C:\Windows\DirectX.log 2014-01-01 20:35 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-01-01 20:35 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-01-01 20:35 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-01-01 20:35 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 
2014-01-01 20:35 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-01-01 20:35 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-01-01 20:35 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-01-01 20:35 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-01-01 20:35 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-01-01 20:35 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-01-01 20:35 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-01-01 20:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2014-01-01 20:35 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-01-01 20:35 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-01-01 20:35 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-01-01 20:35 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-01-01 20:35 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-01-01 20:35 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-01-01 20:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-01-01 20:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-01-01 20:35 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-01-01 20:35 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-01 20:35 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-01 20:35 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-01 20:35 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-01 20:35 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-01 20:35 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-01 20:35 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-01 20:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-01 20:35 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-01 20:35 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-01 20:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-01 20:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-01 20:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-01 20:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-01 20:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-01 20:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-01 20:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-01 20:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-01 20:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-01 20:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-01 20:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-01 20:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-01 20:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-01 20:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-01 20:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-01 20:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-01 20:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-01 20:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-01 20:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-01 20:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-01 20:05 - 2014-01-01 20:05 - 00000000 ____D C:\Windows\rescache
2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Program Files (x86)\Origin Games
2014-01-01 19:32 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\Origin
2014-01-01 19:32 - 2014-01-01 22:54 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Origin
2014-01-01 19:31 - 2014-01-02 16:14 - 00000000 ____D C:\ProgramData\Origin
2014-01-01 19:31 - 2014-01-02 16:14 - 00000000 ____D C:\ProgramData\Electronic Arts
2014-01-01 19:31 - 2014-01-02 12:20 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-01 19:31 - 2014-01-01 19:31 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2014-01-01 19:29 - 2014-01-01 19:30 - 16952720 _____ (Electronic Arts, Inc.) C:\Users\Artyrius\Downloads\OriginThinSetup.exe
2014-01-01 19:26 - 2014-01-01 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-26 13:29 - 2014-01-26 13:28 - 00010935 _____ C:\Users\Artyrius\Desktop\FRST.txt
2014-01-26 13:28 - 2014-01-26 13:28 - 00000000 ____D C:\FRST
2014-01-26 13:28 - 2009-07-14 05:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:28 - 2009-07-14 05:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:27 - 2014-01-26 13:27 - 02078208 _____ (Farbar) C:\Users\Artyrius\Desktop\FRST64.exe
2014-01-26 13:27 - 2014-01-26 13:27 - 00370971 _____ C:\Users\Artyrius\Desktop\gmer_2.1.19355.zip
2014-01-26 13:26 - 2012-03-19 20:30 - 02021824 _____ C:\Windows\WindowsUpdate.log
2014-01-26 13:26 - 2011-04-12 08:43 - 00654150 _____ C:\Windows\system32\perfh007.dat
2014-01-26 13:26 - 2011-04-12 08:43 - 00130022 _____ C:\Windows\system32\perfc007.dat
2014-01-26 13:26 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 13:25 - 2014-01-26 13:25 - 00000548 _____ C:\Users\Artyrius\Desktop\defogger_disable.log
2014-01-26 13:25 - 2014-01-26 13:25 - 00000168 _____ C:\Users\Artyrius\defogger_reenable
2014-01-26 13:25 - 2012-03-19 20:30 - 00000000 ____D C:\Users\Artyrius
2014-01-26 13:24 - 2014-01-26 13:24 - 00050477 _____ C:\Users\Artyrius\Desktop\Defogger.exe
2014-01-26 13:24 - 2012-03-19 21:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-26 13:20 - 2013-11-10 18:36 - 00001978 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2014-01-26 13:20 - 2013-11-10 18:36 - 00001902 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2014-01-26 13:20 - 2013-11-10 18:36 - 00001264 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2014-01-26 13:20 - 2012-03-19 20:33 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-26 13:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 13:20 - 2009-07-14 05:51 - 00077790 _____ C:\Windows\setupact.log
2014-01-17 12:47 - 2013-11-21 17:51 - 00000000 ____D C:\AdwCleaner
2014-01-17 12:45 - 2014-01-17 12:45 - 01236282 _____ C:\Users\Artyrius\Desktop\adwcleaner_3.017.exe
2014-01-12 19:17 - 2012-04-23 20:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 18:03 - 2014-01-10 16:05 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Apple Computer
2014-01-10 18:01 - 2012-10-18 23:50 - 00001455 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iTunes
2014-01-10 18:00 - 2014-01-10 18:00 - 00000000 ____D C:\Program Files\iPod
2014-01-10 15:54 - 2014-01-02 15:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2014-01-10 15:54 - 2010-11-21 04:47 - 00012912 _____ C:\Windows\PFRO.log
2014-01-03 01:19 - 2014-01-03 01:19 - 00000244 _____ C:\Users\Artyrius\Desktop\Battlefield 2 Complete Collection.lnk
2014-01-02 21:55 - 2014-01-02 21:18 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\DAEMON Tools Lite
2014-01-02 21:19 - 2014-01-02 21:19 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-02 21:18 - 2014-01-02 21:18 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-02 21:18 - 2014-01-02 21:18 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-01-02 21:18 - 2014-01-02 21:18 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-02 21:18 - 2014-01-02 21:17 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-02 21:17 - 2014-01-02 21:16 - 13485616 _____ (Disc Soft Ltd) C:\Users\Artyrius\Downloads\DTLite4481-0347.exe
2014-01-02 18:52 - 2012-08-24 00:18 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-02 18:52 - 2012-08-24 00:14 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-02 18:51 - 2014-01-02 18:51 - 00002153 _____ C:\Users\Artyrius\Desktop\Punkbuster Updatetool Win 3.4 Setup.lnk
2014-01-02 18:45 - 2012-08-24 00:14 - 00189472 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-02 18:35 - 2014-01-02 18:35 - 00000648 _____ C:\Users\Artyrius\Desktop\Battlefield 2.lnk
2014-01-02 18:27 - 2014-01-02 18:27 - 00000937 _____ C:\Users\Public\Desktop\Battlefield Bad Company 2.lnk
2014-01-02 18:26 - 2014-01-02 18:26 - 02434856 _____ C:\Windows\SysWOW64\pbsvc.exe
2014-01-02 18:26 - 2014-01-01 20:35 - 00203535 _____ C:\Windows\DirectX.log
2014-01-02 18:24 - 2014-01-02 18:24 - 00735889 _____ C:\Users\Artyrius\Downloads\pbsetup_3.4.zip
2014-01-02 18:22 - 2014-01-02 18:21 - 00614784 _____ C:\Users\Artyrius\Downloads\punkbuster-updatetool-win-3-4.exe
2014-01-02 17:43 - 2012-08-24 00:17 - 00000000 ____D C:\Users\Artyrius\AppData\Local\PunkBuster
2014-01-02 16:15 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 4
2014-01-02 16:14 - 2014-01-02 16:14 - 00000000 ____D C:\Users\Artyrius\AppData\Local\ESN
2014-01-02 16:14 - 2014-01-01 19:32 - 00000000 ____D C:\Users\Artyrius\AppData\Local\Origin
2014-01-02 16:14 - 2014-01-01 19:31 - 00000000 ____D C:\ProgramData\Origin
2014-01-02 16:14 - 2014-01-01 19:31 - 00000000 ____D C:\ProgramData\Electronic Arts
2014-01-02 16:13 - 2014-01-02 16:13 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130(1).exe
2014-01-02 16:13 - 2014-01-02 16:12 - 03821064 _____ C:\Users\Artyrius\Downloads\battlelog-web-plugins_2.3.2_130.exe
2014-01-02 15:41 - 2014-01-02 15:41 - 00000869 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-02 15:41 - 2014-01-02 15:41 - 00000853 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-02 15:40 - 2014-01-02 15:40 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-02 15:40 - 2012-08-24 00:14 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-02 12:20 - 2014-01-01 19:31 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-02 12:17 - 2012-05-29 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-01 22:54 - 2014-01-01 19:32 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Origin
2014-01-01 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-01 22:22 - 2014-01-01 22:22 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Justice
2014-01-01 21:55 - 2014-01-01 21:55 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2014-01-01 21:37 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\Documents\Battlefield 2
2014-01-01 20:36 - 2014-01-01 20:36 - 00000000 ____D C:\Users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-01 20:05 - 2014-01-01 20:05 - 00000000 ____D C:\Windows\rescache
2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Program Files (x86)\Origin Games
2014-01-01 19:31 - 2014-01-01 19:31 - 00000983 _____ C:\Users\Public\Desktop\Origin.lnk
2014-01-01 19:30 - 2014-01-01 19:29 - 16952720 _____ (Electronic Arts, Inc.) C:\Users\Artyrius\Downloads\OriginThinSetup.exe
2014-01-01 19:26 - 2014-01-01 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Artyrius\AppData\Local\Temp\app.exe
C:\Users\Artyrius\AppData\Local\Temp\BackupSetup.exe
C:\Users\Artyrius\AppData\Local\Temp\IMsetup.exe
C:\Users\Artyrius\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Artyrius\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Artyrius\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Artyrius\AppData\Local\Temp\nsfF515.exe
C:\Users\Artyrius\AppData\Local\Temp\nsfFA44.exe
C:\Users\Artyrius\AppData\Local\Temp\nsl19C7.exe
C:\Users\Artyrius\AppData\Local\Temp\nsl1E0C.exe
C:\Users\Artyrius\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Artyrius\AppData\Local\Temp\Quarantine.exe
C:\Users\Artyrius\AppData\Local\Temp\SeesimilarSetup-18-.exe
C:\Users\Artyrius\AppData\Local\Temp\Setup.exe
C:\Users\Artyrius\AppData\Local\Temp\setup__3862.exe
C:\Users\Artyrius\AppData\Local\Temp\sonarinst.exe
C:\Users\Artyrius\AppData\Local\Temp\SPSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 16:55

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by Artyrius at 2014-01-26 13:29:37
Running from C:\Users\Artyrius\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Battlefield 2 (x32 Version: 1.5.0.0 - Electronic Arts)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlefield Play4Free (x32 Version: - EA Digital illusions)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon iP4700 series Printer Driver (Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
CanoScan LiDE 110 Scanner Driver (Version: - )
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
ElsterFormular (x32 Version: 14.0.0.10899 - Landesfinanzdirektion Thüringen)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0 - )
Hard Justice (x32 Version: 1.31 - The Hard Justice Mod Team)
Hard Justice Map Pack 1 (x32 Version: 1.2 - wccsquad.com)
iCloud (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab)
K-Lite Codec Pack 5.9.0 (64-bit) (Version: 5.9.0 - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 295.73 (Version: 295.73 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0209 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0209 (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PunkBuster Services (x32 Version: 0.988 - Even Balance, Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)
SuperLyrics-16 (x32 Version: 1.30.153.0 - 10superSoftabcd) <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
World of Warcraft (x32 Version: - Blizzard Entertainment)

==================== Restore Points =========================

10-01-2014 17:27:10 Windows Update
12-01-2014 18:00:11 Windows-Sicherung
26-01-2014 12:23:37 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28DFB9F6-3F41-493D-8551-7FA308169492} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {2D4EE823-F86F-4FFA-8BC4-91A29D5EBAE5} - \DealPlyUpdate No Task File
Task: {337D4059-48F8-41EC-99D9-A499F3887B37} - \Plus-HD-2.6-codedownloader No Task File
Task: {4473CA5F-6D41-4B11-8B74-24E76330DABF} - \SuperLyrics-16-chromeinstaller No Task File
Task: {64780FBE-5D65-4D6B-BC46-BBE2A00493F1} - \Plus-HD-2.6-updater No Task File
Task: {72EBDAFB-DF31-44FD-9ACF-131A74730665} - \SuperLyrics-16-codedownloader No Task File
Task: {8DD33BF2-3D96-41E3-82A7-AE9834B44EE2} - \DealPly No Task File
Task: {91A84CBC-273D-4030-9E95-C1DBEF22A6EB} - \Plus-HD-2.6-enabler No Task File
Task: {A5DA7EF6-5172-49F0-9D73-834C303F340D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AECD4BBC-C4C5-4206-ACF3-8740BC7E0844} - \SuperLyrics-16-firefoxinstaller No Task File
Task: {D763376F-6DCF-4065-8657-2721095B3B74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E18E63AB-7888-4526-AB02-64B10DA6D9D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {E4DCFF77-55C2-4792-8B6D-22DF722196E2} - \HDvid Codec V1-codedownloader No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-19 21:15 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2011-01-17 16:19 - 2012-03-19 20:36 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
2014-01-01 19:26 - 2014-01-01 19:26 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-18 20:17 - 2013-12-18 20:17 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 01:22:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:49:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:42:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 06:53:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 06:03:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 03:56:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 06:24:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 04:13:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 00:19:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 02:30:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BF2.exe, Version: 0.0.0.0, Zeitstempel: 0x4a8d6629
Name des fehlerhaften Moduls: Memory.dll, Version: 0.0.0.0, Zeitstempel: 0x497ec791
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001ddc
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xBF2.exe0
Pfad der fehlerhaften Anwendung: BF2.exe1
Pfad des fehlerhaften Moduls: BF2.exe2
Berichtskennung: BF2.exe3

System errors:
=============
Error: (01/26/2014 01:23:48 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/26/2014 01:22:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/26/2014 01:22:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/26/2014 01:20:45 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/26/2014 01:20:45 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (01/17/2014 00:50:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/17/2014 00:50:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2014 00:44:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/17/2014 00:44:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/12/2014 07:08:30 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Microsoft Office Sessions:
=========================
Error: (01/26/2014 01:22:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:49:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 00:42:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 06:53:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 06:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 03:56:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 06:24:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Artyrius\Downloads\SoftonicDownloader_fuer_wowmatrix.exe

Error: (01/02/2014 04:13:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Artyrius\Downloads\SoftonicDownloader_fuer_wowmatrix.exe

Error: (01/02/2014 00:19:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 02:30:29 AM) (Source: Application Error)(User: )
Description: BF2.exe0.0.0.04a8d6629Memory.dll0.0.0.0497ec791c000000500001ddc169401cf075a0f6d35afE:\Spiele\Spiele zum Installieren\Battlefield 2 Complete Collection\BF2.exeE:\Spiele\Spiele zum Installieren\Battlefield 2 Complete Collection\Memory.dll7614fbc6-734d-11e3-be83-001e8cdb7bcb

CodeIntegrity Errors:
===================================
Date: 2013-02-25 21:31:52.060
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-02-25 21:31:52.017
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-02-25 21:31:21.257 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-25 21:31:21.213 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-25 21:30:52.656 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-25 21:30:52.626 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8191.11 MB Available physical RAM: 5636.3 MB Total Pagefile: 16380.41 MB Available Pagefile: 13691.62 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:55.8 GB) (Free:6.56 GB) NTFS Drive d: (Filme und Daten) (Fixed) (Total:1397.26 GB) (Free:346.8 GB) NTFS Drive e: (Filme und Spiele) (Fixed) (Total:1397.26 GB) (Free:122.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: F1BEC7A3) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 5607C364) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 5607C367) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19355 - hxxp://www.gmer.net Rootkit scan 2014-01-26 13:42:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Corsair_Force_GT rev.1.3.3 55,90GB Running: gmer.exe; Driver: C:\Users\Artyrius\AppData\Local\Temp\pwldrpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072981a22 2 bytes [98, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072981ad0 2 bytes [98, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072981b08 2 bytes [98, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072981bba 2 bytes [98, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072981bda 2 bytes [98, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b31465 2 bytes [B3, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b314bb 2 bytes [B3, 76] .text ... * 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b31465 2 bytes [B3, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b314bb 2 bytes [B3, 76] .text ... 
* 2 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51661971-47BE-4DFB-95CE-A2D95482A077}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5392] (Microsoft Malware Protection Engine/Microsoft Corporation SIGNED)(2014-01-26 12:25:31) 000007feea7b0000 Process C:\Users\Artyrius\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe (*** suspicious ***) @ C:\Users\Artyrius\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe [4228] 0000000000400000 ---- EOF - GMER 2.1 ----
Regards, Artyrius |
26.01.2014, 17:00 | #2 | |
/// the machine /// TB trainer | Windows 7 - Popups and tabs with advertising open when opening websites hi,
__________________
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
26.01.2014, 17:28 | #3 |
| Windows 7 - Popups and tabs with advertising open when opening websites Code:
ATTFilter ComboFix 14-01-23.02 - Artyrius 26.01.2014 17:17:35.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6007 [GMT 1:00] ausgeführt von:: c:\users\Artyrius\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\program files (x86)\SuperLyrics-16 c:\program files (x86)\SuperLyrics-16\44162.crx c:\program files (x86)\SuperLyrics-16\44162.xpi c:\program files (x86)\SuperLyrics-16\superlyrics-16-chromeinstaller.exe c:\program files (x86)\SuperLyrics-16\superlyrics-16-firefoxinstaller.exe c:\users\Artyrius\AppData\Local\._Revolution_ c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\background.html c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\crossriderManifest.json c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\manifest.xml c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins.json c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\actions\1.png c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon128.png 
c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon16.png c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon48.png c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\manifest.json c:\users\Artyrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\popup.html c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\windowsMessagingHandler.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\addressBarChangeObserver.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\ffCoreFilesIndex.txt c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\platformVersion.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\177_crossriderDashboard.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\182_openUrl.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\183_tabsWrapper.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\207_dbWrapper.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png 
c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-26 bis 2014-01-26 )))))))))))))))))))))))))))))) . . 2014-01-26 12:28 . 2014-01-26 12:28 -------- d-----w- C:\FRST 2014-01-26 12:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51661971-47BE-4DFB-95CE-A2D95482A077}\mpengine.dll 2014-01-26 12:25 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-01-26 12:24 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-26 12:24 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-26 12:24 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-26 12:24 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-26 12:24 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-26 12:24 . 
2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-26 12:24 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-26 12:24 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-01-10 17:00 . 2014-01-10 17:00 -------- d-----w- c:\program files\iPod 2014-01-10 17:00 . 2014-01-10 17:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-10 17:00 . 2014-01-10 17:00 -------- d-----w- c:\program files\iTunes 2014-01-10 15:05 . 2014-01-10 17:03 -------- d-----w- c:\users\Artyrius\AppData\Roaming\Apple Computer 2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr 2014-01-02 20:18 . 2014-01-02 20:18 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-01-02 20:18 . 2014-01-02 20:55 -------- d-----w- c:\users\Artyrius\AppData\Roaming\DAEMON Tools Lite 2014-01-02 20:18 . 2014-01-02 20:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2014-01-02 20:17 . 2014-01-02 20:18 -------- d-----w- c:\programdata\DAEMON Tools Lite 2014-01-02 17:26 . 2014-01-02 17:26 2434856 ----a-w- c:\windows\SysWow64\pbsvc.exe 2014-01-02 15:14 . 2014-01-02 15:14 -------- d-----w- c:\users\Artyrius\AppData\Local\ESN 2014-01-02 14:41 . 2014-01-02 17:27 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2014-01-02 14:41 . 2014-01-10 14:54 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2014-01-01 20:55 . 2014-01-01 20:55 -------- d-----w- c:\program files (x86)\EA GAMES 2014-01-01 19:05 . 2014-01-01 19:05 -------- d-----w- c:\windows\rescache 2014-01-01 18:33 . 2014-01-01 18:33 -------- d-----w- c:\program files (x86)\Origin Games 2014-01-01 18:32 . 2014-01-01 21:54 -------- d-----w- c:\users\Artyrius\AppData\Roaming\Origin 2014-01-01 18:32 . 2014-01-02 15:14 -------- d-----w- c:\users\Artyrius\AppData\Local\Origin 2014-01-01 18:31 . 2014-01-02 15:14 -------- d-----w- c:\programdata\Origin 2014-01-01 18:31 . 
2014-01-02 15:14 -------- d-----w- c:\programdata\Electronic Arts
2014-01-01 18:31 . 2014-01-02 11:20 -------- d-----w- c:\program files (x86)\Origin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-02 17:52 . 2012-08-23 23:18 189472 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-01-02 17:52 . 2012-08-23 23:14 189472 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-01-02 17:45 . 2012-08-23 23:14 189472 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-01-02 14:40 . 2012-08-23 23:14 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-18 19:17 . 2012-04-23 19:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 19:17 . 2012-03-20 17:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 05:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-26 18:07 . 2013-11-26 18:07 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 18:07 . 2013-11-26 18:07 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 18:07 . 2013-11-26 18:07 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 18:07 . 2013-11-26 18:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 18:07 . 2013-11-26 18:07 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 18:07 . 2013-11-26 18:07 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 18:07 . 2013-11-26 18:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 18:07 . 2013-11-26 18:07 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-26 18:07 . 2013-11-26 18:07 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 18:07 . 2013-11-26 18:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 18:07 . 2013-11-26 18:07 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-26 18:07 . 2013-11-26 18:07 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 18:07 . 2013-11-26 18:07 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 18:07 . 2013-11-26 18:07 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 18:07 . 2013-11-26 18:07 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 18:07 . 2013-11-26 18:07 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 18:07 . 2013-11-26 18:07 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 18:07 . 2013-11-26 18:07 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 18:07 . 2013-11-26 18:07 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 18:07 . 2013-11-26 18:07 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-26 18:07 . 2013-11-26 18:07 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-26 18:07 . 2013-11-26 18:07 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 18:07 . 2013-11-26 18:07 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 18:07 . 2013-11-26 18:07 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 18:07 . 2013-11-26 18:07 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 18:07 . 2013-11-26 18:07 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 18:07 . 2013-11-26 18:07 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 18:07 . 2013-11-26 18:07 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 18:07 . 2013-11-26 18:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 18:07 . 2013-11-26 18:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 18:07 . 2013-11-26 18:07 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 18:07 . 2013-11-26 18:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 18:07 . 2013-11-26 18:07 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-26 18:07 . 2013-11-26 18:07 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 18:07 . 2013-11-26 18:07 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 18:07 . 2013-11-26 18:07 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 18:07 . 2013-11-26 18:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 18:07 . 2013-11-26 18:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 18:07 . 2013-11-26 18:07 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 18:07 . 2013-11-26 18:07 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 18:07 . 2013-11-26 18:07 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 18:07 . 2013-11-26 18:07 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 18:07 . 2013-11-26 18:07 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 18:07 . 2013-11-26 18:07 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 18:07 . 2013-11-26 18:07 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 18:07 . 2013-11-26 18:07 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 18:07 . 2013-11-26 18:07 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 18:07 . 2013-11-26 18:07 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 18:07 . 2013-11-26 18:07 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-26 18:07 . 2013-11-26 18:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 18:07 . 2013-11-26 18:07 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 18:07 . 2013-11-26 18:07 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 18:07 . 2013-11-26 18:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 18:07 . 2013-11-26 18:07 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 18:07 . 2013-11-26 18:07 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-26 18:07 . 2013-11-26 18:07 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 18:07 . 2013-11-26 18:07 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 18:07 . 2013-11-26 18:07 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 18:07 . 2013-11-26 18:07 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-18 20:01 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-18 20:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-18 20:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-18 20:01 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-18 20:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-18 20:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-18 20:01 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-18 20:01 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-18 20:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-18 20:01 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-18 20:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-18 20:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-18 20:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-18 20:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-18 20:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-18 20:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-18 20:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-18 20:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-18 20:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-18 20:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-18 20:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-18 20:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-18 20:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-18 20:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-18 19:08 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-18 19:08 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-21 16:46 . 2013-11-21 16:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-12 02:23 . 2013-12-18 19:08 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-18 19:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-18 19:08 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-18 19:08 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-31 206448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 19:17]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B9ED0378-DE4A-4E0F-968C-92EB130CC32F}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Artyrius\AppData\Roaming\Mozilla\Firefox\Profiles\624pd3h5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Mein Kleines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\Artyrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SuperLyrics-16 - c:\program files (x86)\SuperLyrics-16\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-26 17:25:09
ComboFix-quarantined-files.txt 2014-01-26 16:25
.
Vor Suchlauf: 8.749.133.824 Bytes frei
Nach Suchlauf: 9.653.088.256 Bytes frei
.
- - End Of File - - DC130DBD77CC4FEDD09BBEEFB4647E7C A36C5E4F47E84449FF07ED3517B43A31 |
27.01.2014, 10:59 | #4 |
/// the machine /// TB trainer | Windows 7 - Pop-ups and tabs with advertising open when opening websites
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |