Pests of all kinds and how to combat them: Pests: Superfish & Sweetpage | Windows 7 |
16.02.2014, 11:09 | #1 |
| Pests: Superfish & Sweetpage
Hello! I'm a Chrome user.
a) I've done everything that was possible with AdwCleaner, CCleaner, AntiMalwareBytes and avast!, but they couldn't help me: from time to time, despite AdBlock, AdBlockPlus, AdBlockSuper and FacebookAdBlock, a kind of pop-up ad banner is shown to me. If I click on it, I'm redirected via a Superfish URL to sites such as eBay.
b) When I try to run a search in the URL bar, I'm redirected via a Sweetpage URL to Yahoo.
Can you help me? |
16.02.2014, 16:58 | #2 |
/// the machine /// TB instructor | Pests: Superfish & Sweetpage
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
16.02.2014, 18:38 | #3 |
| Pests: Superfish & Sweetpage
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01 Ran by HorrorKid (administrator) on LINK on 16-02-2014 18:28:40 Running from C:\Users\HorrorKid\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Google Inc.) 
C:\Users\HorrorKid\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\syswow64\wwahost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-02-16] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-02-16] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-16] (AVAST Software) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1864232908-4205428584-3793576050-1001\...\Run: [Google Update] - C:\Users\HorrorKid\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-18] (Google Inc.) HKU\S-1-5-21-1864232908-4205428584-3793576050-1001\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {ACFAB3BE-2272-44A5-8567-2996320F2B7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - {ACFAB3BE-2272-44A5-8567-2996320F2B7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - {ACFAB3BE-2272-44A5-8567-2996320F2B7C} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\HorrorKid\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\HorrorKid\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: HDvid Codec 3 - C:\Users\HorrorKid\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR DefaultSearchKeyword: sweet-page CHR DefaultSearchProvider: sweet-page CHR DefaultSearchURL: hxxp://www.sweet-page.com/web/?type=ds&ts=1390592673&from=cor&uid=ST500LT012-9WS142_S0V4B8GZXXXXS0V4B8GZ&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) CHR Plugin: (Google Update) - C:\Users\HorrorKid\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File CHR Extension: (ProxTube) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-07-18] CHR 
Extension: (AdBlock) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-30] CHR Extension: (avast! Online Security) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-16] CHR Extension: (Adblock Super) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-01-24] CHR Extension: (Facebook AdBlock) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2014-01-29] CHR Extension: (Google Wallet) - C:\Users\HorrorKid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-16] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-16] (AVAST Software) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2012-10-17] (ELAN Microelectronics Corp.) 
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-02-16] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-02-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-16] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-02-16] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-02-16] (AVAST Software) R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-02-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-16] () R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6822984 2013-02-16] (Broadcom Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-16 18:28 - 2014-02-16 18:28 - 02152960 _____ (Farbar) C:\Users\HorrorKid\Downloads\FRST64.exe 2014-02-16 18:28 - 2014-02-16 18:28 - 00013625 _____ () C:\Users\HorrorKid\Downloads\FRST.txt 2014-02-16 18:28 - 2014-02-16 18:28 - 
00000000 ____D () C:\FRST 2014-02-16 13:26 - 2014-02-16 13:26 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\AVAST Software 2014-02-16 10:48 - 2014-02-16 10:48 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\AVAST Software 2014-02-16 10:47 - 2014-02-16 10:48 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-02-16 10:47 - 2014-02-16 10:47 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-02-16 10:47 - 2014-02-16 10:46 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-02-16 10:47 - 2014-02-16 10:46 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-02-16 10:47 - 2014-02-16 10:46 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-02-16 10:46 - 2014-02-16 10:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-02-16 10:46 - 2014-02-16 10:46 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-16 10:45 - 2014-02-16 10:45 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-16 10:43 - 2014-02-16 10:45 - 90578216 _____ (AVAST Software) C:\Users\HorrorKid\Downloads\avast_free_antivirus_setup_9.0.2013.exe 2014-02-15 21:22 - 2014-02-15 21:22 - 00003118 _____ () C:\WINDOWS\System32\Tasks\{2D887AA4-C80D-4525-93C4-4CFB2B2AEC9C} 2014-02-15 21:15 - 2014-02-15 21:15 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{EE97E55B-81C7-4EFC-ACA6-B74C93886DC8} 2014-02-15 18:58 - 2014-02-15 20:36 - 153679872 _____ () 
C:\Users\HorrorKid\Downloads\The.Legend.of.Zelda.Skyward.Sword.part01.rar 2014-02-15 18:55 - 2014-02-15 18:55 - 00011568 _____ () C:\Users\HorrorKid\Downloads\c4b4ae006e36d7d2cf4a23bdf29e989f.dlc 2014-02-15 15:35 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-02-15 15:35 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-02-15 15:35 - 2013-03-02 09:23 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-02-15 15:35 - 2013-03-02 03:44 - 01011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2014-02-15 15:35 - 2012-12-15 05:55 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-02-15 15:35 - 2012-11-03 06:26 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysreset.exe 2014-02-15 15:35 - 2012-11-03 06:25 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\resetengmig.dll 2014-02-15 15:35 - 2012-10-24 04:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe 2014-02-15 15:35 - 2012-10-24 04:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2014-02-15 15:35 - 2012-10-24 04:24 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2014-02-15 15:35 - 2012-10-24 04:24 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2014-02-15 15:35 - 2012-10-24 04:05 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2014-02-15 15:35 - 2012-10-24 03:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe 2014-02-15 15:34 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-02-15 15:34 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-15 15:34 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-02-15 15:34 
- 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-15 15:34 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2014-02-15 15:34 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2014-02-15 15:34 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-02-15 15:34 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-02-15 15:34 - 2013-03-22 04:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2014-02-15 15:34 - 2013-03-21 23:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2014-02-15 15:33 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-02-15 15:33 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-02-15 15:33 - 2013-04-03 00:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll 2014-02-15 15:33 - 2013-04-03 00:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll 2014-02-15 15:32 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-02-15 15:32 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-02-15 14:36 - 2014-02-16 14:40 - 00000000 ____D () C:\Users\HorrorKid\Tracing 2014-02-15 14:25 - 2014-02-15 14:25 - 00000000 ____D () C:\WINDOWS\de 2014-02-15 14:24 - 2014-02-16 14:43 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-02-15 14:24 - 2014-02-15 14:24 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-02-15 14:24 - 2014-02-15 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-02-15 14:23 - 2014-02-15 14:23 - 00000199 _____ () C:\WINDOWS\DirectX.log 2014-02-15 14:23 - 2010-06-02 04:55 - 00527192 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-02-15 14:23 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-02-15 14:23 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-02-15 14:23 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-02-15 14:23 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-02-15 14:23 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-02-15 14:23 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-02-15 14:23 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2014-02-15 14:23 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2014-02-15 14:23 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2014-02-15 14:23 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2014-02-15 14:23 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2014-02-15 14:22 - 2014-02-15 15:16 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Windows Live 2014-02-15 14:17 - 2014-02-15 14:21 - 142602520 _____ (Microsoft Corporation) C:\Users\HorrorKid\Downloads\wlsetup-all_16.4.3508.0205 (1).exe 2014-02-14 16:10 - 2014-02-14 16:16 - 246598160 _____ () C:\Users\HorrorKid\Downloads\kis14.0.0.4651de-de.exe 2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\Malwarebytes 2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-14 14:26 - 2013-04-04 14:50 - 00025928 _____ 
(Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-02-14 14:25 - 2014-02-14 14:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HorrorKid\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-14 11:04 - 2014-02-14 11:04 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Lenovo 2014-02-14 11:03 - 2014-02-14 11:04 - 00001133 _____ () C:\Users\Gast\Desktop\Cyberlink Power2Go.lnk 2014-02-14 11:03 - 2014-02-14 11:03 - 00001449 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-14 11:03 - 2014-02-14 11:03 - 00000020 ___SH () C:\Users\Gast\ntuser.ini 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Vorlagen 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Startmenü 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages 2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast 2014-02-14 11:03 - 2013-08-16 15:02 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-02-14 11:03 - 2013-06-24 22:27 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-02-14 11:03 - 2013-02-16 03:28 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia 2014-02-14 11:03 - 2013-02-16 03:26 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-02-14 11:03 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-14 11:03 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-14 11:03 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\Gast\Desktop\Lenovo Telephony Start Now.url 2014-02-14 10:13 - 2014-02-14 10:13 - 01166132 _____ () C:\Users\HorrorKid\Downloads\adwcleaner-3.018 (1).exe 2014-02-13 10:20 - 2014-02-13 10:20 - 00482645 _____ () C:\Users\HorrorKid\Downloads\Ba7ONiWCQAACgVm.png-large 2014-02-12 10:32 - 2014-02-12 10:32 - 01709990 _____ () C:\Users\HorrorKid\Downloads\51.jpeg 2014-02-12 10:02 - 2014-02-12 10:03 - 01166132 _____ () C:\Users\HorrorKid\Downloads\adwcleaner-3.018.exe 2014-02-12 07:56 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-12 07:56 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-12 07:56 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-12 07:56 
- 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-02-12 07:56 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-12 07:56 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-02-12 07:56 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-02-12 07:56 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-02-12 07:56 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-02-12 07:56 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-02-12 07:56 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-02-12 07:56 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-02-12 07:56 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-02-12 07:56 - 2014-02-01 08:57 - 00061440 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 07:56 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 07:56 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 07:56 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 07:56 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 07:56 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 07:56 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 07:56 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 07:56 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 07:56 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 07:56 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 07:56 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 07:56 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 07:55 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 07:55 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 07:55 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 07:55 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 07:55 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 07:55 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 07:54 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 07:54 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 07:54 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 07:54 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-04 23:02 - 2014-02-04 23:54 - 202831872 _____ () C:\Users\HorrorKid\Downloads\Metroid.Prime.Trilogy.part04.rar
2014-02-04 21:48 - 2014-02-04 22:56 - 202831872 _____ () C:\Users\HorrorKid\Downloads\Metroid.Prime.Trilogy.part01.rar
2014-02-04 21:45 - 2014-02-04 21:45 - 00014488 _____ () C:\Users\HorrorKid\Downloads\10c16348d566d79d4202b7e62135c6d6.dlc
2014-02-04 00:48 - 2014-02-04 00:56 - 44350914 _____ () C:\Users\HorrorKid\Downloads\mp2_pal.zip
2014-02-03 23:25 - 2014-02-03 23:25 - 44768128 _____ () C:\Users\HorrorKid\Downloads\N64 Mario Party 2.wad
2014-02-03 20:25 - 2014-02-03 20:26 - 00777208 _____ () C:\Users\HorrorKid\Downloads\wii_gamecube_homebrew_launcher_v0.2.3.rar
2014-02-03 20:11 - 2014-02-03 20:12 - 61569210 _____ () C:\Users\HorrorKid\Downloads\Conker's Bad Fur Day (USA).zip
2014-02-01 18:17 - 2014-02-01 18:17 - 00749735 _____ () C:\Users\HorrorKid\Downloads\wad_manager_1.7.rar
2014-02-01 18:11 - 2014-02-01 18:11 - 00131072 _____ () C:\Users\HorrorKid\Downloads\Super.Mario.World.PAL.PROPER.REPACK.VC.Wii-OneUp.srm
2014-02-01 18:03 - 2014-02-01 18:03 - 00004910 _____ () C:\Users\HorrorKid\Downloads\2A11C738A27C35E6303F36F60D0B001EFB0287BD.torrent
2014-02-01 18:01 - 2014-02-01 18:01 - 00004925 _____ () C:\Users\HorrorKid\Downloads\Super.Mario.World.PAL.PROPER.REPACK.VC.Wii-OneUp.torrent
2014-01-31 22:26 - 2014-01-31 22:31 - 14342256 _____ () C:\Users\HorrorKid\Downloads\LoZ_-_LttP.zip
2014-01-30 15:36 - 2014-01-30 15:36 - 00020203 _____ () C:\Users\HorrorKid\Downloads\20120416-223701.jpg-w=490
2014-01-28 09:28 - 2014-01-28 09:28 - 00037855 _____ () C:\Users\HorrorKid\Downloads\The-animatrix-poster.jpeg
2014-01-28 09:24 - 2014-02-16 17:39 - 00006584 _____ () C:\WINDOWS\PFRO.log
2014-01-28 09:19 - 2014-02-14 10:14 - 00000000 ____D () C:\AdwCleaner
2014-01-28 09:17 - 2014-01-28 09:17 - 01236282 _____ () C:\Users\HorrorKid\Downloads\adwcleaner_3.017 (2).exe
2014-01-27 15:18 - 2014-01-27 15:18 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Wii_Converter_GUI
2014-01-27 13:55 - 2014-01-27 13:56 - 16503094 _____ () C:\Users\HorrorKid\Downloads\usbloader_gx_v3_0_allinonepackage_ios249.zip
2014-01-27 12:09 - 2014-02-07 23:58 - 00009415 _____ () C:\WINDOWS\setupact.log
2014-01-27 12:09 - 2014-01-27 12:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-26 07:34 - 2009-02-12 22:45 - 405012480 _____ () C:\Users\HorrorKid\Downloads\SuMGal.iso
2014-01-25 09:22 - 2014-01-25 09:22 - 00002736 _____ () C:\Users\HorrorKid\Downloads\relink.us__RMGP01.part0_dd5e61980093677970f4d5002c958e (1).dlc
2014-01-24 21:13 - 2014-01-24 21:13 - 00002736 _____ () C:\Users\HorrorKid\Downloads\relink.us__RMGP01.part0_dd5e61980093677970f4d5002c958e.dlc
2014-01-24 20:58 - 2014-01-24 20:58 - 00921000 _____ (Oracle Corporation) C:\Users\HorrorKid\Downloads\chromeinstall-7u51.exe
2014-01-24 20:45 - 2014-01-24 21:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-01-24 20:42 - 2014-01-24 20:42 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\HorrorKid\Downloads\WebInstaller.exe
2014-01-24 19:54 - 2014-01-24 19:54 - 00000000 ____D () C:\wbfs
2014-01-24 19:47 - 2014-01-24 19:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-24 19:45 - 2014-01-24 19:45 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\HorrorKid\Downloads\fdminst_3.9.3.1360.exe
2014-01-24 08:25 - 2014-01-24 08:25 - 01236282 _____ () C:\Users\HorrorKid\Downloads\adwcleaner_3.017.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2014-02-16 18:28 - 2014-02-16 18:28 - 02152960 _____ (Farbar) C:\Users\HorrorKid\Downloads\FRST64.exe
2014-02-16 18:28 - 2014-02-16 18:28 - 00013625 _____ () C:\Users\HorrorKid\Downloads\FRST.txt
2014-02-16 18:28 - 2014-02-16 18:28 - 00000000 ____D () C:\FRST
2014-02-16 18:19 - 2013-02-16 11:57 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-16 18:19 - 2013-02-16 11:57 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-16 18:19 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-16 18:17 - 2014-01-02 17:59 - 01113784 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-16 17:40 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 17:39 - 2014-01-28 09:24 - 00006584 _____ () C:\WINDOWS\PFRO.log
2014-02-16 17:39 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-16 16:02 - 2013-06-18 16:31 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001UA.job
2014-02-16 14:56 - 2013-06-18 16:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1864232908-4205428584-3793576050-1001
2014-02-16 14:43 - 2014-02-15 14:24 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-16 14:42 - 2013-06-27 13:35 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\Skype
2014-02-16 14:42 - 2013-06-27 13:35 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 14:40 - 2014-02-15 14:36 - 00000000 ____D () C:\Users\HorrorKid\Tracing
2014-02-16 13:56 - 2013-08-15 09:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 13:53 - 2013-06-19 10:51 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 13:26 - 2014-02-16 13:26 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\AVAST Software
2014-02-16 10:48 - 2014-02-16 10:48 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\AVAST Software
2014-02-16 10:48 - 2014-02-16 10:47 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-02-16 10:47 - 2014-02-16 10:47 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-16 10:46 - 2014-02-16 10:47 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-16 10:46 - 2014-02-16 10:47 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-02-16 10:46 - 2014-02-16 10:47 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-02-16 10:46 - 2014-02-16 10:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-16 10:46 - 2014-02-16 10:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-16 10:45 - 2014-02-16 10:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-16 10:45 - 2014-02-16 10:43 - 90578216 _____ (AVAST Software) C:\Users\HorrorKid\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-16 10:21 - 2013-08-17 00:16 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Facebook
2014-02-16 10:16 - 2013-07-16 04:44 - 00000000 ____D () C:\ldiag
2014-02-16 10:02 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-02-16 10:01 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 09:58 - 2013-12-18 13:29 - 00000000 ____D () C:\Gamigo
2014-02-16 09:50 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-16 09:49 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-16 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-15 21:22 - 2014-02-15 21:22 - 00003118 _____ () C:\WINDOWS\System32\Tasks\{2D887AA4-C80D-4525-93C4-4CFB2B2AEC9C}
2014-02-15 21:15 - 2014-02-15 21:15 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{EE97E55B-81C7-4EFC-ACA6-B74C93886DC8}
2014-02-15 20:36 - 2014-02-15 18:58 - 153679872 _____ () C:\Users\HorrorKid\Downloads\The.Legend.of.Zelda.Skyward.Sword.part01.rar
2014-02-15 18:55 - 2014-02-15 18:55 - 00011568 _____ () C:\Users\HorrorKid\Downloads\c4b4ae006e36d7d2cf4a23bdf29e989f.dlc
2014-02-15 15:53 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-02-15 15:16 - 2014-02-15 14:22 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Windows Live
2014-02-15 14:36 - 2013-06-18 15:56 - 00000000 ____D () C:\Users\HorrorKid
2014-02-15 14:25 - 2014-02-15 14:25 - 00000000 ____D () C:\WINDOWS\de
2014-02-15 14:25 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-15 14:24 - 2014-02-15 14:24 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-02-15 14:24 - 2014-02-15 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-15 14:23 - 2014-02-15 14:23 - 00000199 _____ () C:\WINDOWS\DirectX.log
2014-02-15 14:21 - 2014-02-15 14:17 - 142602520 _____ (Microsoft Corporation) C:\Users\HorrorKid\Downloads\wlsetup-all_16.4.3508.0205 (1).exe
2014-02-14 21:02 - 2013-06-18 16:31 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001Core.job
2014-02-14 16:16 - 2014-02-14 16:10 - 246598160 _____ () C:\Users\HorrorKid\Downloads\kis14.0.0.4651de-de.exe
2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\Malwarebytes
2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 14:26 - 2014-02-14 14:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 14:25 - 2014-02-14 14:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HorrorKid\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 11:04 - 2014-02-14 11:04 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Lenovo
2014-02-14 11:04 - 2014-02-14 11:03 - 00001133 _____ () C:\Users\Gast\Desktop\Cyberlink Power2Go.lnk
2014-02-14 11:03 - 2014-02-14 11:03 - 00001449 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 11:03 - 2014-02-14 11:03 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Gast
2014-02-14 10:14 - 2014-01-28 09:19 - 00000000 ____D () C:\AdwCleaner
2014-02-14 10:13 - 2014-02-14 10:13 - 01166132 _____ () C:\Users\HorrorKid\Downloads\adwcleaner-3.018 (1).exe
2014-02-13 14:36 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-13 10:20 - 2014-02-13 10:20 - 00482645 _____ () C:\Users\HorrorKid\Downloads\Ba7ONiWCQAACgVm.png-large
2014-02-12 10:32 - 2014-02-12 10:32 - 01709990 _____ () C:\Users\HorrorKid\Downloads\51.jpeg
2014-02-12 10:03 - 2014-02-12 10:02 - 01166132 _____ () C:\Users\HorrorKid\Downloads\adwcleaner-3.018.exe
2014-02-11 20:57 - 2013-06-18 16:31 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001UA
2014-02-11 20:57 - 2013-06-18 16:31 - 00003720 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001Core
2014-02-10 17:25 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-07 23:58 - 2014-01-27 12:09 - 00009415 _____ () C:\WINDOWS\setupact.log
2014-02-04 23:54 - 2014-02-04 23:02 - 202831872 _____ () C:\Users\HorrorKid\Downloads\Metroid.Prime.Trilogy.part04.rar
2014-02-04 22:56 - 2014-02-04 21:48 - 202831872 _____ () C:\Users\HorrorKid\Downloads\Metroid.Prime.Trilogy.part01.rar
2014-02-04 21:45 - 2014-02-04 21:45 - 00014488 _____ () C:\Users\HorrorKid\Downloads\10c16348d566d79d4202b7e62135c6d6.dlc
2014-02-04 00:56 - 2014-02-04 00:48 - 44350914 _____ () C:\Users\HorrorKid\Downloads\mp2_pal.zip
2014-02-03 23:25 - 2014-02-03 23:25 - 44768128 _____ () C:\Users\HorrorKid\Downloads\N64 Mario Party 2.wad
2014-02-03 20:26 - 2014-02-03 20:25 - 00777208 _____ () C:\Users\HorrorKid\Downloads\wii_gamecube_homebrew_launcher_v0.2.3.rar
2014-02-03 20:12 - 2014-02-03 20:11 - 61569210 _____ () C:\Users\HorrorKid\Downloads\Conker's Bad Fur Day (USA).zip
2014-02-02 01:14 - 2013-06-18 15:56 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Packages
2014-02-01 18:17 - 2014-02-01 18:17 - 00749735 _____ () C:\Users\HorrorKid\Downloads\wad_manager_1.7.rar
2014-02-01 18:11 - 2014-02-01 18:11 - 00131072 _____ () C:\Users\HorrorKid\Downloads\Super.Mario.World.PAL.PROPER.REPACK.VC.Wii-OneUp.srm
2014-02-01 18:03 - 2014-02-01 18:03 - 00004910 _____ () C:\Users\HorrorKid\Downloads\2A11C738A27C35E6303F36F60D0B001EFB0287BD.torrent
2014-02-01 18:01 - 2014-02-01 18:01 - 00004925 _____ () C:\Users\HorrorKid\Downloads\Super.Mario.World.PAL.PROPER.REPACK.VC.Wii-OneUp.torrent
2014-02-01 10:20 - 2014-02-12 07:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 07:56 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 07:56 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 07:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 07:56 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 07:56 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 10:18 - 2014-02-12 07:55 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 07:55 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 08:58 - 2014-02-12 07:56 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 07:56 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 07:56 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 07:56 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:57 - 2014-02-12 07:55 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 07:55 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 07:55 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 07:55 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:40 - 2014-02-12 07:56 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 07:56 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 07:56 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-31 22:31 - 2014-01-31 22:26 - 14342256 _____ () C:\Users\HorrorKid\Downloads\LoZ_-_LttP.zip
2014-01-30 22:10 - 2013-12-17 20:20 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-12-17 20:20 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 15:36 - 2014-01-30 15:36 - 00020203 _____ () C:\Users\HorrorKid\Downloads\20120416-223701.jpg-w=490
2014-01-28 09:28 - 2014-01-28 09:28 - 00037855 _____ () C:\Users\HorrorKid\Downloads\The-animatrix-poster.jpeg
2014-01-28 09:23 - 2013-06-18 16:32 - 00000000 ____D () C:\Users\HorrorKid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-01-28 09:23 - 2013-06-18 15:57 - 00001014 _____ () C:\Users\HorrorKid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-28 09:17 - 2014-01-28 09:17 - 01236282 _____ () C:\Users\HorrorKid\Downloads\adwcleaner_3.017 (2).exe
2014-01-27 15:18 - 2014-01-27 15:18 - 00000000 ____D () C:\Users\HorrorKid\AppData\Local\Wii_Converter_GUI
2014-01-27 13:56 - 2014-01-27 13:55 - 16503094 _____ () C:\Users\HorrorKid\Downloads\usbloader_gx_v3_0_allinonepackage_ios249.zip
2014-01-27 12:09 - 2014-01-27 12:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-25 09:22 - 2014-01-25 09:22 - 00002736 _____ () C:\Users\HorrorKid\Downloads\relink.us__RMGP01.part0_dd5e61980093677970f4d5002c958e (1).dlc
2014-01-24 21:20 - 2014-01-24 20:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-01-24 21:13 - 2014-01-24 21:13 - 00002736 _____ () C:\Users\HorrorKid\Downloads\relink.us__RMGP01.part0_dd5e61980093677970f4d5002c958e.dlc
2014-01-24 20:58 - 2014-01-24 20:58 - 00921000 _____ (Oracle Corporation) C:\Users\HorrorKid\Downloads\chromeinstall-7u51.exe
2014-01-24 20:42 - 2014-01-24 20:42 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\HorrorKid\Downloads\WebInstaller.exe
2014-01-24 19:54 - 2014-01-24 19:54 - 00000000 ____D () C:\wbfs
2014-01-24 19:47 - 2014-01-24 19:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-24 19:45 - 2014-01-24 19:45 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\HorrorKid\Downloads\fdminst_3.9.3.1360.exe
2014-01-24 08:25 - 2014-01-24 08:25 - 01236282 _____ () C:\Users\HorrorKid\Downloads\adwcleaner_3.017.exe
2014-01-23 05:57 - 2013-06-30 18:24 - 00019701 _____ () C:\Users\HorrorKid\Desktop\Notizen.txt
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-01-20 13:41 - 2013-12-26 18:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-19 08:33 - 2013-07-20 13:41 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\HorrorKid\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-16 13:26

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by HorrorKid at 2014-02-16 18:29:23
Running from C:\Users\HorrorKid\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.4 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Broadcom 802.11 Network Adapter (Version: 6.30.59.20 - Broadcom Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.13 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0 - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Left 4 Dead 2 (x32 Version: - Valve)
Lenovo EasyCamera (x32 Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Photos (x32 Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (Version: 11.4.11.7 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (Version: 8.0.7.3 - Nitro)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
Project 64 version 2.1.0.1 (x32 Version: 2.1.0.1 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Steam (x32 Version: - Valve Corporation)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-Bit) (x32 Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

01-02-2014 02:02:29 Geplanter Prüfpunkt
05-02-2014 13:51:52 Windows Update
13-02-2014 10:13:09 Windows Update
15-02-2014 13:22:19 Windows Live Essentials
16-02-2014 13:41:13 Removed Skype™ 6.3

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01489315-AF0F-4774-AE19-0BA847BA9926} - \Plus-HD-4.8-updater No Task File
Task: {09165554-CF9D-40C5-B22B-4BDBA7783C9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001UA => C:\Users\HorrorKid\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-18] (Google Inc.)
Task: {18E51AB3-23BB-4FF3-8ED5-B70833155183} - System32\Tasks\{BC7DEA4D-0781-463A-8967-E46282B99082} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/go/help.faq.installer?LastError=1603
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C574E6C-2234-4CDB-9F7C-9F48F12A8800} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {1F56F8B8-60FA-45C8-9512-0EEB0F8B07A5} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {254292BD-C1EA-443E-B9D1-DF758A1B4648} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {26971375-77E9-4EA1-8D2F-E26ED1123EB8} - \BrowserDefendert No Task File
Task: {2A36C22A-CC6E-446D-B826-B1D13DF154F9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {2C4B9490-7C20-474F-84FA-7149933259EE} - System32\Tasks\{FDFD0B59-2E71-4EEA-B331-70EE75DD3C24} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/go/help.faq.installer?LastError=1603
Task: {2F92F082-BE72-4DF9-8EF9-10EE522781A3} - System32\Tasks\{CE1DFF19-7686-40D2-8779-ECFDF9BB2731} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1603
Task: {3FCD0E83-2C61-40BD-B1EF-2C547F257819} - \Plus-HD-4.8-firefoxinstaller No Task File
Task: {40212352-FDF9-4008-8860-416CC1EA78C9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-16] (AVAST Software)
Task: {578E351C-0718-40E5-825F-C5FA705AF2E8} - \Desk 365 RunAsStdUser No Task File
Task: {6001EF7C-B27D-42FA-A44C-ED8A2C0E6591} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001Core => C:\Users\HorrorKid\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-18] (Google Inc.)
Task: {6952FF54-08E7-4395-88D0-441E78BEC008} - System32\Tasks\{2D887AA4-C80D-4525-93C4-4CFB2B2AEC9C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM
Task: {6CAA9FCB-EB86-45F6-BEDC-BD8D5FCEC2F2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {71024835-969A-4AB0-AC21-93D8F48C97AA} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-24] (Microsoft Corporation)
Task: {797C22AC-532C-44B7-8BA6-AAB6A93E5C50} - \Plus-HD-4.8-codedownloader No Task File
Task: {853296E5-99CD-4DF5-B92E-69F5DDDA9AC3} - System32\Tasks\{EE97E55B-81C7-4EFC-ACA6-B74C93886DC8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/go/help.faq.installer?LastError=1603
Task: {8A30E798-4A62-4FCA-B59A-A1064B0D8D55} - System32\Tasks\{088DAD7B-8373-459B-B5B1-1D426A241776} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/go/help.faq.installer?LastError=1603
Task: {8B4E1962-DBB6-47A9-987C-3AD80D3E1285} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {9E50CBAF-C83B-4ECA-AE15-00CE154C0EB3} - System32\Tasks\{C1892C02-5018-46FF-ABBC-ACB87AE8F851} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/go/help.faq.installer?LastError=1603
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AD808DCC-E606-4FFE-A11E-45B1F696809C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {B871D65E-D098-456E-8B54-9E0513859B98} - \Plus-HD-4.8-chromeinstaller No Task File
Task: {BE67E384-0466-4563-B204-A3A8E2519EA8} - \Plus-HD-4.8-enabler No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001Core.job => C:\Users\HorrorKid\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1864232908-4205428584-3793576050-1001UA.job => C:\Users\HorrorKid\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-27 07:13 - 2012-08-23 09:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-02-16 03:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-02-16 10:46 - 2014-02-16 10:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-03 23:58 - 2014-02-02 00:41 - 00715592 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 23:58 - 2014-02-02 00:41 - 00100168 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 23:58 - 2014-02-02 00:42 - 04055368 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 23:58 - 2014-02-02 00:42 - 00399688 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 23:58 - 2014-02-02 00:41 - 01634632 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-03 23:58 - 2014-02-02 00:42 - 13616456 _____ () C:\Users\HorrorKid\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 02:41:24 PM) (Source: Microsoft-Windows-CAPI2)
(User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary yotphmjs. System Error: Das System kann die angegebene Datei nicht finden. . Error: (02/15/2014 09:15:36 PM) (Source: MsiInstaller) (User: LINK) Description: Product: Skype™ 6.3 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.3.0.105.msi Error: (02/15/2014 06:47:03 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 16.4.3508.205, Zeitstempel: 0x5111fa77 Name des fehlerhaften Moduls: igd10umd32.dll, Version: 9.17.10.2843, Zeitstempel: 0x5033bdbf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d0ef ID des fehlerhaften Prozesses: 0x1fb8 Startzeit der fehlerhaften Anwendung: 0xMovieMaker.exe0 Pfad der fehlerhaften Anwendung: MovieMaker.exe1 Pfad des fehlerhaften Moduls: MovieMaker.exe2 Berichtskennung: MovieMaker.exe3 Vollständiger Name des fehlerhaften Pakets: MovieMaker.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MovieMaker.exe5 Error: (02/15/2014 06:36:23 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 16.4.3508.205, Zeitstempel: 0x5111fa77 Name des fehlerhaften Moduls: igd10umd32.dll, Version: 9.17.10.2843, Zeitstempel: 0x5033bdbf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006cfab ID des fehlerhaften Prozesses: 0x1eb4 Startzeit der fehlerhaften Anwendung: 0xMovieMaker.exe0 Pfad der fehlerhaften Anwendung: MovieMaker.exe1 Pfad des fehlerhaften Moduls: MovieMaker.exe2 Berichtskennung: MovieMaker.exe3 Vollständiger Name des fehlerhaften Pakets: MovieMaker.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MovieMaker.exe5 Error: (02/12/2014 10:06:16 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften 
Anwendung: ismagent.exe, Version: 1.14.1.36458, Zeitstempel: 0x4fbe2d9c Name des fehlerhaften Moduls: dlnashext.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5010975d Ausnahmecode: 0xc0000005 Fehleroffset: 0x74afdeed ID des fehlerhaften Prozesses: 0xdf0 Startzeit der fehlerhaften Anwendung: 0xismagent.exe0 Pfad der fehlerhaften Anwendung: ismagent.exe1 Pfad des fehlerhaften Moduls: ismagent.exe2 Berichtskennung: ismagent.exe3 Vollständiger Name des fehlerhaften Pakets: ismagent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5 Error: (02/12/2014 10:06:14 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.14.1.36458, Zeitstempel: 0x4fbe2d9c Name des fehlerhaften Moduls: ncrypt.dll, Version: 6.2.9200.16384, Zeitstempel: 0x50108af8 Ausnahmecode: 0xc00001a5 Fehleroffset: 0x000176d4 ID des fehlerhaften Prozesses: 0xdf0 Startzeit der fehlerhaften Anwendung: 0xismagent.exe0 Pfad der fehlerhaften Anwendung: ismagent.exe1 Pfad des fehlerhaften Moduls: ismagent.exe2 Berichtskennung: ismagent.exe3 Vollständiger Name des fehlerhaften Pakets: ismagent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5 Error: (02/12/2014 07:48:01 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.14.1.36458, Zeitstempel: 0x4fbe2d9c Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16680, Zeitstempel: 0x51fb1462 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001d45e ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0xismagent.exe0 Pfad der fehlerhaften Anwendung: ismagent.exe1 Pfad des fehlerhaften Moduls: ismagent.exe2 Berichtskennung: ismagent.exe3 Vollständiger Name des fehlerhaften Pakets: ismagent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5 Error: (02/12/2014 07:47:57 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: 
ismagent.exe, Version: 1.14.1.36458, Zeitstempel: 0x4fbe2d9c Name des fehlerhaften Moduls: dlnashext.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5010975d Ausnahmecode: 0xc00001a5 Fehleroffset: 0x746176d4 ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0xismagent.exe0 Pfad der fehlerhaften Anwendung: ismagent.exe1 Pfad des fehlerhaften Moduls: ismagent.exe2 Berichtskennung: ismagent.exe3 Vollständiger Name des fehlerhaften Pakets: ismagent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5 Error: (02/04/2014 04:22:41 PM) (Source: Google Update) (User: LINK) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (01/21/2014 07:22:41 AM) (Source: Google Update) (User: LINK) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s System errors: ============= Error: (02/16/2014 05:39:31 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (02/01/2014 04:38:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Modem Error: (02/01/2014 04:38:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device Error: (01/24/2014 01:12:48 PM) (Source: DCOM) (User: LINK) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/16/2014 07:54:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (01/09/2014 07:33:07 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 09.01.2014 um 18:53:11 unerwartet heruntergefahren. 
Error: (01/08/2014 10:41:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/08/2014 10:41:59 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (12/26/2013 06:51:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/26/2013 06:51:02 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Microsoft Office Sessions: ========================= Error: (02/16/2014 02:41:24 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary yotphmjs. System Error: Das System kann die angegebene Datei nicht finden. Error: (02/15/2014 09:15:36 PM) (Source: MsiInstaller)(User: LINK) Description: Product: Skype™ 6.3 -- Error 1316. 
A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.3.0.105.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/15/2014 06:47:03 PM) (Source: Application Error)(User: ) Description: MovieMaker.exe16.4.3508.2055111fa77igd10umd32.dll9.17.10.28435033bdbfc00000050006d0ef1fb801cf2a7478f84461C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\WINDOWS\SYSTEM32\igd10umd32.dll2d56a15f-9669-11e3-bea2-3c970e761646 Error: (02/15/2014 06:36:23 PM) (Source: Application Error)(User: ) Description: MovieMaker.exe16.4.3508.2055111fa77igd10umd32.dll9.17.10.28435033bdbfc00000050006cfab1eb401cf2a745644b798C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\WINDOWS\SYSTEM32\igd10umd32.dllafcf6f11-9667-11e3-bea2-3c970e761646 Error: (02/12/2014 10:06:16 AM) (Source: Application Error)(User: ) Description: ismagent.exe1.14.1.364584fbe2d9cdlnashext.dll_unloaded0.0.0.05010975dc000000574afdeeddf001cf27d1acdbe867C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exedlnashext.dlled1f4ace-93c4-11e3-be9f-3c970e761646 Error: (02/12/2014 10:06:14 AM) (Source: Application Error)(User: ) Description: ismagent.exe1.14.1.364584fbe2d9cncrypt.dll6.2.9200.1638450108af8c00001a5000176d4df001cf27d1acdbe867C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exeC:\WINDOWS\SYSTEM32\ncrypt.dllec1904c7-93c4-11e3-be9f-3c970e761646 Error: (02/12/2014 07:48:01 AM) (Source: Application Error)(User: ) Description: ismagent.exe1.14.1.364584fbe2d9cSHELL32.dll6.2.9200.1668051fb1462c00000050001d45ead401cf27be56233d5aC:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exeC:\WINDOWS\SYSTEM32\SHELL32.dll9cd62df5-93b1-11e3-be9e-3c970e761646 Error: (02/12/2014 07:47:57 AM) (Source: Application Error)(User: ) Description: ismagent.exe1.14.1.364584fbe2d9cdlnashext.dll_unloaded0.0.0.05010975dc00001a5746176d4ad401cf27be56233d5aC:\Program Files 
(x86)\Intel\IntelAppStore\bin\ismagent.exedlnashext.dll9ae17ad0-93b1-11e3-be9e-3c970e761646 Error: (02/04/2014 04:22:41 PM) (Source: Google Update)(User: LINK) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (01/21/2014 07:22:41 AM) (Source: Google Update)(User: LINK) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3941.41 MB
Available physical RAM: 2300.64 MB
Total Pagefile: 4645.41 MB
Available Pagefile: 2859.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:418.43 GB) (Free:352.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4B804535)
Partition: GPT Partition Type
==================== End Of Log ============================
1. I am using Windows 8.
2. I have worked through this tutorial completely: Sweet Page entfernen - Kostenlos den Virus löschen | Browserdoktor
3. I noticed that another pest shows up during the redirect: sweetpage redirects via myv9.com to Yahoo (yhs4.com). |
17.02.2014, 13:46 | #4 |
/// the machine /// TB-Ausbilder | Plagegeister: Superfish & Sweetpage Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 |