| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner? PDM:trojan.win32.bazon.aWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.02.2014, 14:38
| #1 |
| |  Trojaner? PDM:trojan.win32.bazon.a Hallo, wollte eben ein Update für NFS aus einer vermutlich unsicheren Quelle installieren. Kaspersky meldete dann: PDM:trojan.win32.bazon.a Ich habe die Datei mit Anubis gescannt, allerdings weiß ich nicht, wie ich das zu deuten habe: Code:
ATTFilter ___ __ _
+ /- / | ____ __ __/ /_ (_)____ -\ +
/s h- / /| | / __ \/ / / / __ \/ / ___/ -h s\
oh-:d/ / ___ |/ / / / /_/ / /_/ / (__ ) /d:-ho
shh+hy- /_/ |_/_/ /_/\__,_/_.___/_/____/ -yh+hhs
-:+hhdhyys/- -\syyhdhh+:-
-//////dhhhhhddhhyss- Analysis Report -ssyhhddhhhhhd\\\\\\-
/++/////oydddddhhyys/ ooooooooooooooooooooo \syyhhdddddyo\\\\\++\
-+++///////odh/- -+hdo\\\\\\\+++-
+++++++++//yy+/: :\+yy\\+++++++++
/+soss+sys//yyo/os++o+: :+o++so\oyy\\sys+ssos+\
+oyyyys++o/+yss/+/oyyyy: :yyyyo\+\ssy+\o++syyyyo+
+oyyyyyyso+os/o/+yyyyyy/ \yyyyyy+\o\so+osyyyyyyo+
[#############################################################################]
Analysis Report for hxxp://server.xx/nfs.r.g.e_updv1.3.0.0.exe
[#############################################################################]
[=============================================================================]
Table of Contents
[=============================================================================]
- General information
- iexplore.exe
a) Registry Activities
b) File Activities
c) Network Activities
d) Other Activities
[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 246 s
Report created: 02/19/14, 10:24:04 UTC
Termination reason: Timeout
Program version: 1.76.3886
[#############################################################################]
2. iexplore.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: iexplore.exe
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process-status
at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\SHDOCVW.dll ],
Base Address: [0x7E290000 ], Size: [0x00171000 ]
Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
Base Address: [0x77A80000 ], Size: [0x00095000 ]
Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
Base Address: [0x77B20000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\CRYPTUI.dll ],
Base Address: [0x754D0000 ], Size: [0x00080000 ]
Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
Base Address: [0x5B860000 ], Size: [0x00055000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WININET.dll ],
Base Address: [0x771B0000 ], Size: [0x000AA000 ]
Module Name: [ C:\WINDOWS\system32\WINTRUST.dll ],
Base Address: [0x76C30000 ], Size: [0x0002E000 ]
Module Name: [ C:\WINDOWS\system32\IMAGEHLP.dll ],
Base Address: [0x76C90000 ], Size: [0x00028000 ]
Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
Base Address: [0x76F60000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\BROWSEUI.dll ],
Base Address: [0x75F80000 ], Size: [0x000FD000 ]
Module Name: [ C:\WINDOWS\system32\browselc.dll ],
Base Address: [0x71600000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\appHelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\System32\cscui.dll ],
Base Address: [0x77A20000 ], Size: [0x00054000 ]
Module Name: [ C:\WINDOWS\System32\CSCDLL.dll ],
Base Address: [0x76600000 ], Size: [0x0001D000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
Module Name: [ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll ],
Base Address: [0x10000000 ], Size: [0x00010000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
Base Address: [0x78130000 ], Size: [0x0009B000 ]
Module Name: [ C:\Program Files\Java\jre1.6.0\bin\ssv.dll ],
Base Address: [0x6D7C0000 ], Size: [0x00079000 ]
Module Name: [ C:\Program Files\Java\jre1.6.0\bin\MSVCR71.dll ],
Base Address: [0x7C340000 ], Size: [0x00056000 ]
Module Name: [ C:\WINDOWS\system32\mshtml.dll ],
Base Address: [0x7DC30000 ], Size: [0x002F2000 ]
Module Name: [ C:\WINDOWS\system32\msls31.dll ],
Base Address: [0x746C0000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
Module Name: [ C:\WINDOWS\system32\SXS.DLL ],
Base Address: [0x7E720000 ], Size: [0x000B0000 ]
Module Name: [ C:\WINDOWS\system32\shdoclc.dll ],
Base Address: [0x71800000 ], Size: [0x00088000 ]
Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
Base Address: [0x011C0000 ], Size: [0x002C5000 ]
Module Name: [ C:\WINDOWS\system32\MLANG.dll ],
Base Address: [0x75CF0000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\msimtf.dll ],
Base Address: [0x746F0000 ], Size: [0x0002A000 ]
Module Name: [ C:\WINDOWS\system32\IMM32.DLL ],
Base Address: [0x76390000 ], Size: [0x0001D000 ]
[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
Base Address: [0x662B0000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
Base Address: [0x71A50000 ], Size: [0x0003F000 ]
Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
Base Address: [0x71A90000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\wsock32.dll ],
Base Address: [0x71AD0000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\sensapi.dll ],
Base Address: [0x722B0000 ], Size: [0x00005000 ]
Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
Base Address: [0x769C0000 ], Size: [0x000B4000 ]
Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
Base Address: [0x76B40000 ], Size: [0x0002D000 ]
Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
Base Address: [0x76E80000 ], Size: [0x0000E000 ]
Module Name: [ C:\WINDOWS\system32\rasman.dll ],
Base Address: [0x76E90000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
Module Name: [ C:\WINDOWS\system32\RASAPI32.DLL ],
Base Address: [0x76EE0000 ], Size: [0x0003C000 ]
Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
Base Address: [0x76F20000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
Base Address: [0x76FC0000 ], Size: [0x00006000 ]
[=============================================================================]
2.a) iexplore.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], New Value: [ 0 ]
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Common AppData ], New Value: [ C:\Documents and Settings\All Users\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ MigrateProxy ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], New Value: [ 0 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ SavedLegacySettings ], New Value: [ 0x3c0000001600000001000000000000000000000000000000040000000000 ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\CLASSES\.ASP ],
Value Name: [ ], Value: [ aspfile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.BAT ],
Value Name: [ ], Value: [ batfile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.CER ],
Value Name: [ ], Value: [ CERFile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.CHM ],
Value Name: [ ], Value: [ chm.file ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.CMD ],
Value Name: [ ], Value: [ cmdfile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.COM ],
Value Name: [ ], Value: [ comfile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.CPL ],
Value Name: [ ], Value: [ cplfile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.CRT ],
Value Name: [ ], Value: [ CERFile ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\.EXE ],
Value Name: [ ], Value: [ exefile ], 17 times
Key: [ HKLM\SOFTWARE\CLASSES\.EXE ],
Value Name: [ Content Type ], Value: [ application/x-msdownload ], 10 times
Key: [ HKLM\SOFTWARE\CLASSES\.HTM ],
Value Name: [ ], Value: [ htmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.HTML ],
Value Name: [ ], Value: [ htmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.MHT ],
Value Name: [ ], Value: [ mhtmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.MHTML ],
Value Name: [ ], Value: [ mhtmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.SHTML ],
Value Name: [ ], Value: [ shtmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.XML ],
Value Name: [ ], Value: [ xmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\.XSL ],
Value Name: [ ], Value: [ xslfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{79EAC9F2-BAF9-11CE-8C82-00AA004BA90B}\INPROCSERVER32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{79EAC9F2-BAF9-11CE-8C82-00AA004BA90B}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\browseui.dll ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ],
Value Name: [ DriveMask ], Value: [ 32 ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\EXEFILE ],
Value Name: [ ], Value: [ Application ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\EXEFILE ],
Value Name: [ EditFlags ], Value: [ 0x38070000 ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\EXEFILE\DEFAULTICON ],
Value Name: [ ], Value: [ %1 ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{0000000E-0000-0000-C000-000000000046}\PROXYSTUBCLSID32 ],
Value Name: [ ], Value: [ {00000320-0000-0000-C000-000000000046} ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 4 times
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET CLR 1.1.4322 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET CLR 2.0.50727 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET CLR 3.0.04506.30 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET CLR 3.0.04506.648 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET CLR 3.5.21022 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET4.0C ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
Value Name: [ .NET4.0E ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ],
Value Name: [ SV1 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
Value Name: [ ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
Value Name: [ MSN 2.0 ], Value: [ ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
Value Name: [ MSN 2.5 ], Value: [ ], 1 time
Key: [ HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters ],
Value Name: [ Transports ], Value: [ 0x5400630070006900700000004e0065007400420049004f00530000000000 ], 2 times
Key: [ HKLM\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{dd313e04-feff-11d1-8ecd-0000f87a470c}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\browseui.dll ], 1 time
Key: [ HKLM\Software\Clients\News ],
Value Name: [ ], Value: [ Outlook Express ], 3 times
Key: [ HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} ],
Value Name: [ IsInstalled ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} ],
Value Name: [ Locale ], Value: [ en ], 2 times
Key: [ HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} ],
Value Name: [ Version ], Value: [ 6,0,2900,5512 ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ REGDBVersion ], Value: [ 0x0b00000000000000 ], 14 times
Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING ],
Value Name: [ iexplore.exe ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Tracing ],
Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ ConsoleTracingMask ], Value: [ 4294901760 ], 2 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ EnableFileTracing ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ FileDirectory ], Value: [ %windir%\tracing ], 4 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ FileTracingMask ], Value: [ 4294901760 ], 2 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Value Name: [ MaxFileSize ], Value: [ 1048576 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
Value Name: [ AllUsersProfile ], Value: [ All Users ], 2 times
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
Value Name: [ DefaultUserProfile ], Value: [ Default User ], 2 times
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
Value Name: [ ProfilesDirectory ], Value: [ %SystemDrive%\Documents and Settings ], 4 times
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-842925246-1425521274-308236825-500 ],
Value Name: [ ProfileImagePath ], Value: [ %SystemDrive%\Documents and Settings\Administrator ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Common AppData ], Value: [ %ALLUSERSPROFILE%\Application Data ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ PC ], 2 times
Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ],
Value Name: [ wheel ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
Value Name: [ ProductType ], Value: [ WinNT ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ ComSpec ], Value: [ %SystemRoot%\system32\cmd.exe ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ FP_NO_HOST_CHECK ], Value: [ NO ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ NUMBER_OF_PROCESSORS ], Value: [ 1 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ OS ], Value: [ Windows_NT ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ PATHEXT ], Value: [ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ PROCESSOR_ARCHITECTURE ], Value: [ x86 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ PROCESSOR_IDENTIFIER ], Value: [ x86 Family 6 Model 3 Stepping 3, GenuineIntel ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ PROCESSOR_LEVEL ], Value: [ 6 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ PROCESSOR_REVISION ], Value: [ 0303 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ Path ], Value: [ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ TEMP ], Value: [ %SystemRoot%\TEMP ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ TMP ], Value: [ %SystemRoot%\TEMP ], 4 times
Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
Value Name: [ windir ], Value: [ %SystemRoot% ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Domain ], Value: [ ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Hostname ], Value: [ pc ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ UseDomainNameDevolution ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
Value Name: [ HelperDllName ], Value: [ %SystemRoot%\System32\wshtcpip.dll ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
Value Name: [ Mapping ], Value: [ 0x0b0000000300000002000000010000000600000002000000010000000000 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
Value Name: [ MaxSockaddrLength ], Value: [ 16 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
Value Name: [ MinSockaddrLength ], Value: [ 16 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
Value Name: [ UseDelayedAcceptance ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\AppEvents\Schemes\Apps\Explorer\Navigating\.current ],
Value Name: [ ], Value: [ %SystemRoot%\media\Windows XP Start.wav ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ],
Value Name: [ TEMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ],
Value Name: [ TMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\\\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837} ],
Value Name: [ Version ], Value: [ 3 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\\\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count ],
Value Name: [ HRZR_PGYFRFFVBA ], Value: [ 0x967c5e0e06000000 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9} ],
Value Name: [ Version ], Value: [ 3 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\\\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count ],
Value Name: [ HRZR_PGYFRFFVBA ], Value: [ 0xe57b5e0e05000000 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP ],
Value Name: [ IntranetName ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP ],
Value Name: [ ProxyBypass ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\ProtocolDefaults\ ],
Value Name: [ http ], Value: [ 3 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED ],
Value Name: [ {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 ], Value: [ 0x010000007c6c9c7cc0da56ab0ac5c801 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ Address ], Value: [ 4294967295 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ Buttons ], Value: [ 4294967295 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ FFlags ], Value: [ 1 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ HotKey ], Value: [ 0 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ Links ], Value: [ 4294967295 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ Rev ], Value: [ 1 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ ShowCmd ], Value: [ 3 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\BAGS\12\SHELL ],
Value Name: [ WFlags ], Value: [ 2 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ User Agent ], Value: [ Mozilla/4.0 (compatible; MSIE 6.0; Win32) ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Connection Wizard ],
Value Name: [ Completed ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ NoUpdateCheck ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ],
Value Name: [ ParseAutoexec ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 1803 ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 1806 ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 1A10 ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 2200 ], Value: [ 3 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ MigrateProxy ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ DefaultConnectionSettings ], Value: [ 0x3c0000000300000001000000000000000000000000000000040000000000 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ SavedLegacySettings ], Value: [ 0x3c0000001500000001000000000000000000000000000000040000000000 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ APPDATA ], Value: [ C:\Documents and Settings\Administrator\Application Data ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ CLIENTNAME ], Value: [ Console ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMEDRIVE ], Value: [ C: ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMEPATH ], Value: [ \Documents and Settings\Administrator ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMESHARE ], Value: [ ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ LOGONSERVER ], Value: [ \\PC ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ SESSIONNAME ], Value: [ Console ], 4 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
[=============================================================================]
2.b) iexplore.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\nfs.r.g.e_updv1.3.0.0[1].exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\lsarpc, Flags: Named pipe ]
File Name: [ c:\autoexec.bat ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\nfs.r.g.e_updv1.3.0.0[1].exe ]
File Name: [ C:\lsarpc, Flags: Named pipe ]
File Name: [ \Device\Afd\AsyncConnectHlp ]
File Name: [ \Device\Afd\Endpoint ]
File Name: [ \Device\RasAcd ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\lsarpc, Flags: Named pipe ], Control Code: [ 0x0011C017 ], 16 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 9 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_SOCK_NAME (0x0001202F) ], 3 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 25 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 1 time
File: [ \Device\Afd\AsyncConnectHlp ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 10 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 4 times
File: [ unnamed file ], Control Code: [ 0x00120028 ], 2 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
File Name: [ C:\WINDOWS\system32\WINMM.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
File Name: [ C:\WINDOWS\system32\mswsock.dll ]
File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
File Name: [ C:\WINDOWS\system32\rasman.dll ]
File Name: [ C:\WINDOWS\system32\rtutils.dll ]
File Name: [ C:\WINDOWS\system32\sensapi.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\wsock32.dll ]
[=============================================================================]
2.c) iexplore.exe - Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ server.xx ], Query Type: [ DNS_TYPE_A ],
Query Result: [ 85.214.78.48 ], Successful: [ YES ], Protocol: [ udp ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
From ANUBIS:1029 to 85.214.78.48:80 - [ server.xx ]
Request: [ GET /nfs.r.g.e_updv1.3.0.0.exe ], Response: [ 200 "OK" ]
[=============================================================================]
2.d) iexplore.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ CritOpMutex ]
Mutex: [ MSCTF.Shared.MUTEX.IFG ]
Mutex: [ _SHuassist.mtx ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Keyboard Keys Monitored:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Virtual Key Code: [ VK_CONTROL (17) ], 15 times
Virtual Key Code: [ VK_LBUTTON (1) ], 39 times
Virtual Key Code: [ VK_RBUTTON (2) ], 1 time
Virtual Key Code: [ VK_SHIFT (16) ], 20 times
Virtual Key Code: [ VK_MBUTTON (4) ], 1 time
Virtual Key Code: [ VK_MENU (18) ], 13 times
Virtual Key Code: [ VK_LSHIFT (160) ], 12 times
Virtual Key Code: [ VK_LCONTROL (162) ], 14 times
Virtual Key Code: [ VK_LMENU (164) ], 12 times
Virtual Key Code: [ VK_RCONTROL (163) ], 2 times
[#############################################################################]
International Secure Systems Lab
hxxp://www.iseclab.org
Vienna University of Technology Eurecom France UC Santa Barbara
hxxp://www.tuwien.ac.at hxxp://www.eurecom.fr hxxp://www.cs.ucsb.edu
Contact: anubis@iseclab.org
Gruß  |
|
19.02.2014, 15:11
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner? PDM:trojan.win32.bazon.a hi,
__________________wo meldete Kaspersky das? Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
19.02.2014, 15:30
| #3 |
| | Trojaner? PDM:trojan.win32.bazon.a Hey,
__________________Kaspersky meldete das beim Öffnen der exe. "Logs bitte als Archiv an den Beitrag anhängen!" sagt er mir. EDIT: Gerade mal durchgestöbert, erstaunlich und beängstigend zugleich, was man da alles sehen kann :O Also so wies aussieht, wurde ja nichts geändert. Vielleicht hat Kaspersky mich ja davor geschützt. Allerdings würde mich trotzdem interessieren, wieso bei Anubis der Prozess iexplore.exe heißt, klingt für mich ja schon stark nach nem Trojaner? Geändert von Muffinman187 (19.02.2014 um 15:46 Uhr) |
|
20.02.2014, 12:20
| #4 |
| /// the machine /// TB-Ausbilder | Trojaner? PDM:trojan.win32.bazon.a Lass die Exe bitte mal bei www.virustotal.com scannen und poste den Link zum Ergebnis. Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.02.2014, 14:59
| #5 |
| | Trojaner? PDM:trojan.win32.bazon.aCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Marvin (administrator) on MARVINPC on 19-02-2014 15:27:43
Running from C:\Users\Marvin\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Users\Marvin\AppData\Local\Temp\Rar$EXa0.958\Shairport4w.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16470_none_fa2491fd9b3cfcb2\TiWorker.exe
(Microsoft Corporation) C:\WINDOWS\WinStore\WSHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1335754230-1967579693-124619293-1001\...\Run: [Spotify] - C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-03] (Spotify Ltd)
HKU\S-1-5-21-1335754230-1967579693-124619293-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1335754230-1967579693-124619293-1001\...\Run: [Spotify Web Helper] - C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-03] (Spotify Ltd)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=FCB5BC5FF4476677
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default
FF user.js: detected! => C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-30]
FF Extension: No Name - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\staged [2014-02-18]
FF Extension: DownloadHelper - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-30]
FF Extension: Autofill Forms - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\autofillForms@blueimp.net.xpi [2014-01-30]
FF Extension: Firebug - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-01-30]
FF Extension: Google Translator for Firefox - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\translator@zoli.bod.xpi [2014-01-30]
FF Extension: YouTube quality manager - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\youtubequality@rzll.xpi [2014-01-30]
FF Extension: Session Manager - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-01-30]
FF Extension: FlashGot - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-01-30]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-01-30]
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5kxae3ql.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-02-10]
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R0 AsrRamDisk; C:\Windows\System32\drivers\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-08-17] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-01-30] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-30] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-19 15:27 - 2014-02-19 15:27 - 02153472 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2014-02-19 15:27 - 2014-02-19 15:27 - 00019107 _____ () C:\Users\Marvin\Desktop\FRST.txt
2014-02-19 15:27 - 2014-02-19 15:27 - 00000000 ____D () C:\FRST
2014-02-19 11:21 - 2014-02-19 11:21 - 00000000 ____D () C:\Users\Marvin\Documents\My Cheat Tables
2014-02-19 11:17 - 2014-01-09 11:06 - 00661448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2014-02-19 11:17 - 2013-12-30 15:36 - 00849360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2014-02-19 11:16 - 2014-01-09 11:06 - 00661448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110.dll
2014-02-19 11:16 - 2013-12-30 15:36 - 00849360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr110.dll
2014-02-19 10:45 - 2014-02-19 11:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-02-19 10:45 - 2014-02-19 10:45 - 00000859 _____ () C:\Users\Marvin\Desktop\Need for Speed (TM) Rivals 32BIT.lnk
2014-02-19 10:45 - 2014-02-19 10:45 - 00000835 _____ () C:\Users\Marvin\Desktop\Need for Speed (TM) Rivals 64BIT.lnk
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Marvin\Documents\Ghost Games
2014-02-19 10:38 - 2013-11-21 16:22 - 03526656 _____ () C:\Users\Marvin\Desktop\NeedForSpeedRivals+6TrainerByAfterManV.1.1.EXE
2014-02-14 22:17 - 2014-02-14 22:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-02-14 22:04 - 2014-02-14 22:04 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-13 12:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 12:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 19:19 - 2014-02-19 15:27 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2014-02-12 17:36 - 2014-02-12 17:36 - 00000000 ____D () C:\Users\Marvin\Documents\Navicat
2014-02-12 17:32 - 2014-02-12 17:32 - 00001217 _____ () C:\Users\Public\Desktop\Navicat Premium.lnk
2014-02-12 17:32 - 2014-02-12 17:32 - 00000000 ____D () C:\Program Files (x86)\PremiumSoft
2014-02-12 17:32 - 2013-03-06 14:39 - 01816064 _____ () C:\WINDOWS\SysWOW64\libmysql_e.dll
2014-02-12 17:30 - 2014-02-12 17:31 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-12 17:30 - 2014-02-12 17:30 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\WinRAR
2014-02-12 17:30 - 2014-02-12 17:30 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-11 19:20 - 2014-02-11 19:20 - 07208726 _____ () C:\Users\Marvin\Desktop\Unbenannt-2.psd
2014-02-11 19:20 - 2014-02-11 19:20 - 00241514 _____ () C:\Users\Marvin\Desktop\Unbenannt-1.psd
2014-02-11 15:24 - 2014-02-11 15:34 - 00000000 ____D () C:\Users\Marvin\Documents\Virtual Machines
2014-02-11 14:24 - 2014-02-11 14:24 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-02-11 14:24 - 2014-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-02-11 14:24 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2014-02-11 14:24 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2014-02-11 14:24 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2014-02-11 14:24 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2014-02-11 14:24 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2014-02-11 14:24 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2014-02-11 14:24 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2014-02-11 14:24 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2014-02-11 14:24 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2014-02-11 14:08 - 2014-02-11 16:44 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\VMware
2014-02-11 14:08 - 2014-02-11 16:44 - 00000000 ____D () C:\Users\Marvin\AppData\Local\VMware
2014-02-11 14:04 - 2014-02-11 20:14 - 00000000 ____D () C:\ProgramData\VMware
2014-02-11 14:04 - 2014-02-11 14:24 - 00001024 _____ () C:\WINDOWS\SysWOW64\%TMP%
2014-02-11 12:36 - 2014-02-12 19:01 - 00000000 ____D () C:\Users\Marvin\Desktop\nurrein.de
2014-02-10 20:21 - 2014-02-10 20:21 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\MySQL
2014-02-10 20:21 - 2014-02-10 20:21 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-02-10 20:18 - 2014-02-10 20:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\PDAppFlex
2014-02-10 20:02 - 2014-02-12 19:18 - 00000132 _____ () C:\Users\Marvin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-02-10 19:57 - 2014-02-10 19:57 - 00000000 ____D () C:\Users\Marvin\Documents\bebas-neue
2014-02-10 19:38 - 2014-02-10 20:02 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-10 19:38 - 2014-02-10 19:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\NVIDIA
2014-02-10 19:35 - 2014-02-10 19:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-10 19:35 - 2014-02-10 19:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-10 18:59 - 2014-02-17 14:20 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND
2014-02-10 18:04 - 2014-02-10 18:04 - 00000991 _____ () C:\Users\Public\Desktop\WinSCP.lnk
2014-02-10 18:04 - 2014-02-10 18:04 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-02-07 13:57 - 2014-02-07 13:57 - 00000000 ____D () C:\Program Files (x86)\Western Digital Corporation
2014-02-07 13:51 - 2014-02-14 22:19 - 00000000 ____D () C:\Users\Marvin\Documents\FIFA 14
2014-02-07 13:42 - 2014-02-07 13:42 - 00000000 ____D () C:\ProgramData\Origin
2014-02-07 13:40 - 2014-02-07 13:41 - 00000972 _____ () C:\Users\Marvin\Desktop\FIFA 14.lnk
2014-02-07 13:31 - 2014-02-07 13:39 - 00000583 _____ () C:\Users\Marvin\Desktop\asdf.vbs
2014-02-07 13:30 - 2014-02-07 13:30 - 00001351 _____ () C:\Users\Marvin\Documents\AutoHotkey.ahk
2014-02-07 13:29 - 2014-02-14 22:04 - 00039229 _____ () C:\WINDOWS\DirectX.log
2014-02-07 13:29 - 2014-02-07 13:29 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-02-07 13:29 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2014-02-07 13:29 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-02-07 13:29 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2014-02-07 13:29 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2014-02-07 13:29 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-02-07 13:29 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-02-07 13:29 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-02-07 13:29 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-02-07 13:29 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2014-02-07 13:29 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2014-02-07 13:29 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-02-07 13:29 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-02-07 13:29 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2014-02-07 13:29 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2014-02-07 13:29 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-02-07 13:29 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2014-02-07 13:29 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2014-02-07 13:29 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2014-02-07 13:29 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-02-07 13:29 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-02-07 13:29 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-02-07 13:29 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2014-02-07 13:29 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2014-02-07 13:29 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2014-02-07 13:29 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2014-02-07 13:29 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2014-02-07 13:29 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2014-02-07 13:29 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2014-02-07 13:29 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2014-02-07 13:29 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2014-02-07 13:29 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2014-02-07 13:29 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2014-02-07 13:29 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2014-02-07 13:29 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2014-02-07 13:29 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2014-02-07 13:29 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2014-02-07 13:29 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2014-02-07 13:29 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2014-02-07 13:29 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2014-02-07 13:29 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2014-02-07 13:29 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2014-02-07 13:29 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2014-02-07 13:29 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2014-02-07 13:29 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2014-02-07 13:29 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2014-02-07 13:29 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2014-02-07 13:29 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2014-02-07 13:29 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2014-02-07 13:29 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2014-02-07 13:29 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2014-02-07 13:29 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2014-02-07 13:29 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2014-02-07 13:29 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2014-02-07 13:29 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2014-02-07 13:29 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2014-02-07 13:29 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2014-02-07 13:29 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2014-02-07 13:29 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2014-02-07 13:29 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2014-02-07 13:29 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2014-02-07 13:29 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2014-02-07 13:29 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2014-02-07 13:29 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2014-02-07 13:29 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2014-02-07 13:29 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2014-02-07 13:29 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2014-02-07 13:29 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2014-02-07 13:29 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2014-02-07 13:29 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2014-02-07 13:29 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2014-02-07 13:29 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2014-02-07 13:29 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2014-02-07 13:29 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2014-02-07 13:29 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2014-02-07 13:29 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2014-02-07 13:29 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2014-02-07 13:29 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2014-02-07 13:29 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-02-07 13:29 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2014-02-07 13:29 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2014-02-07 13:29 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2014-02-07 13:29 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2014-02-07 13:29 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2014-02-07 13:29 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2014-02-07 13:29 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2014-02-07 13:29 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2014-02-07 13:29 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2014-02-07 13:29 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2014-02-07 13:29 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2014-02-07 13:29 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2014-02-07 13:29 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2014-02-07 13:29 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2014-02-07 13:29 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2014-02-07 13:29 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2014-02-07 13:29 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2014-02-07 13:29 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2014-02-07 13:29 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2014-02-07 13:29 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2014-02-07 13:29 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2014-02-07 13:29 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2014-02-07 13:29 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2014-02-07 13:29 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2014-02-07 13:29 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2014-02-07 13:29 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2014-02-07 13:29 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2014-02-07 13:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2014-02-07 13:29 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2014-02-07 13:29 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-02-07 13:29 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2014-02-07 13:29 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-02-07 13:29 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2014-02-07 13:29 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2014-02-07 13:29 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Notepad++
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-02-05 15:13 - 2014-02-12 15:47 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Apple Computer
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apple Computer
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apple
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files\iPod
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-05 15:13 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-02-05 15:12 - 2014-02-05 15:13 - 00000000 ____D () C:\ProgramData\Apple
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-05 15:03 - 2014-02-10 19:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-05 15:03 - 2014-02-10 19:37 - 00000000 ____D () C:\Program Files\Adobe
2014-02-05 00:06 - 2014-02-05 00:07 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TeamViewer
2014-02-05 00:04 - 2014-02-05 00:04 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-02-05 00:04 - 2014-02-05 00:04 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-04 23:48 - 2014-02-04 23:51 - 00000000 ____D () C:\Users\Marvin\AppData\Local\FullTiltPoker.eu
2014-02-04 23:47 - 2014-02-05 11:51 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2014-02-04 23:47 - 2014-02-04 23:47 - 49649512 _____ () C:\Users\Marvin\AppData\Local\TempFullTiltPokerEuSetup.exe
2014-02-04 23:45 - 2014-02-04 23:48 - 00000000 ____D () C:\Users\Marvin\AppData\Local\cache
2014-02-04 23:45 - 2014-02-04 23:47 - 00000000 ____D () C:\Users\Marvin\AppData\Local\FullTiltPoker
2014-02-04 23:45 - 2014-02-04 23:47 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-02-04 00:35 - 2014-02-04 00:35 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\LolClient
2014-02-03 23:52 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2014-02-03 23:52 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2014-02-03 23:52 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-02-03 23:52 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-02-03 23:52 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-02-03 23:51 - 2014-02-03 23:54 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PMB Files
2014-02-03 23:51 - 2014-02-03 23:54 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-03 23:51 - 2014-02-03 23:51 - 00001495 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-03 23:48 - 2014-02-03 23:51 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Riot Games
2014-02-03 16:46 - 2014-02-18 20:13 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify
2014-02-03 16:46 - 2014-02-06 14:06 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify
2014-02-03 16:46 - 2014-02-03 16:46 - 00001842 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-03 14:56 - 2014-02-03 14:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-02-03 01:28 - 2014-02-17 16:10 - 00000000 ___RD () C:\Users\Marvin\Dropbox
2014-02-03 01:27 - 2014-02-17 16:10 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Dropbox
2014-02-03 01:27 - 2014-02-03 01:28 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DropboxMaster
2014-02-03 01:27 - 2014-02-03 01:27 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\ProgramData\Sun
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 19:40 - 2014-02-02 19:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-02-02 19:40 - 2014-02-02 19:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-02-02 19:40 - 2014-02-02 19:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-02-02 19:40 - 2014-02-02 19:39 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 19:39 - 2014-02-02 19:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 17:41 - 2014-02-18 19:31 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PokerStars.EU
2014-02-02 17:41 - 2014-02-02 17:41 - 00001096 _____ () C:\Users\Public\Desktop\PokerStars.eu.lnk
2014-02-02 17:40 - 2014-02-04 19:32 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-02-02 06:00 - 2014-02-02 06:00 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-02-01 16:01 - 2014-02-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-01 16:01 - 2014-02-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-31 11:00 - 2014-01-31 11:00 - 00000000 ____D () C:\Users\Marvin\Desktop\BreBa05.2
2014-01-31 01:44 - 2014-01-31 01:44 - 00000000 ____D () C:\Users\Marvin\Desktop\BreBa05.1
2014-01-31 01:18 - 2014-02-18 19:30 - 00000000 ____D () C:\Program Files (x86)\ruSamsungTVCommunicator
2014-01-31 01:18 - 2014-01-31 01:18 - 00001427 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ruSamsungTVCommunicator.lnk
2014-01-30 16:55 - 2014-01-30 16:55 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Macromedia
2014-01-30 16:53 - 2014-02-11 02:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-30 16:53 - 2014-02-10 19:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-30 16:47 - 2014-01-30 16:47 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-01-30 16:47 - 2014-01-30 16:47 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files\MSBuild
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-01-30 16:45 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-01-30 16:45 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-30 16:45 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-01-30 16:45 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-01-30 16:45 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-30 16:45 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-01-30 16:42 - 2014-02-19 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-30 16:42 - 2014-02-04 20:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-30 16:41 - 2014-02-11 14:13 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Adobe
2014-01-30 16:38 - 2014-01-30 16:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-01-30 16:37 - 2014-02-18 20:13 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2014-01-30 15:52 - 2014-01-30 15:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-30 15:50 - 2014-02-11 20:52 - 00000000 __RDO () C:\Users\Marvin\SkyDrive
2014-01-30 15:49 - 2014-01-30 15:50 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PackageStaging
2014-01-30 15:49 - 2014-01-30 15:49 - 00001450 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 15:49 - 2014-01-30 15:49 - 00000020 ___SH () C:\Users\Marvin\ntuser.ini
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-30 15:46 - 2014-01-30 15:46 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-01-30 15:45 - 2014-02-03 01:28 - 00000000 ____D () C:\Users\Marvin
2014-01-30 15:45 - 2014-01-30 15:46 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-01-30 15:45 - 2014-01-30 15:46 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Vorlagen
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Startmenü
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Netzwerkumgebung
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Lokale Einstellungen
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Eigene Dateien
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Druckumgebung
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Documents\Eigene Musik
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Documents\Eigene Bilder
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Local\Verlauf
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Local\Anwendungsdaten
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Anwendungsdaten
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-30 15:44 - 2014-02-19 15:27 - 02003991 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-30 15:44 - 2014-01-30 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-30 15:44 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-01-30 15:44 - 2013-12-19 19:53 - 03490080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-01-30 15:44 - 2013-12-19 19:53 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-01-30 15:44 - 2013-12-19 19:53 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-01-30 15:44 - 2013-12-19 19:53 - 00386336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-01-30 15:44 - 2013-12-19 19:53 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-01-30 15:44 - 2013-12-19 06:01 - 03539040 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-01-30 15:43 - 2014-01-30 15:49 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-30 15:43 - 2014-01-30 15:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-01-30 15:43 - 2014-01-30 15:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-01-30 15:43 - 2014-01-30 15:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-30 15:43 - 2014-01-30 15:43 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-30 15:43 - 2014-01-30 15:43 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-30 15:43 - 2014-01-30 15:43 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00000000 ____D () C:\Program Files\Intel
2014-01-30 15:43 - 2013-12-21 00:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-01-30 15:43 - 2013-12-21 00:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-01-30 15:42 - 2014-01-30 15:42 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-30 15:42 - 2014-01-30 15:42 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-30 15:42 - 2014-01-30 15:42 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-30 15:42 - 2014-01-30 15:42 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-30 15:42 - 2014-01-30 15:42 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-30 15:42 - 2014-01-30 15:42 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-01-30 15:42 - 2014-01-30 15:42 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-30 15:36 - 2014-01-30 15:46 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-01-30 15:19 - 2014-02-19 10:37 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-01-30 15:19 - 2014-01-30 15:19 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-01-30 15:18 - 2014-02-18 14:50 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\vlc
2014-01-30 15:18 - 2014-01-30 15:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-30 15:17 - 2014-01-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-30 14:40 - 2014-02-17 11:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-30 14:40 - 2014-02-17 11:47 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-30 14:39 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2014-01-30 14:39 - 2013-05-04 05:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2014-01-30 14:36 - 2014-01-30 14:36 - 00001325 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-01-30 14:35 - 2014-02-19 14:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-01-30 14:35 - 2014-02-18 08:35 - 00624224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-01-30 14:35 - 2014-02-18 08:35 - 00115296 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-01-30 14:35 - 2014-01-30 14:35 - 00000167 _____ () C:\WINDOWS\system32\netcfg-2381765.txt
2014-01-30 14:35 - 2014-01-30 14:35 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-30 14:35 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2014-01-30 14:13 - 2014-02-11 18:56 - 00073728 ___SH () C:\Users\Marvin\Desktop\Thumbs.db
2014-01-30 14:01 - 2014-02-18 15:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1335754230-1967579693-124619293-1001
2014-01-30 13:59 - 2014-01-30 13:59 - 00001949 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2014-01-30 13:58 - 2014-02-11 14:24 - 01807894 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 13:57 - 2014-01-30 13:57 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Intel Corporation
2014-01-30 13:55 - 2014-01-30 13:55 - 00000304 _____ () C:\WINDOWS\system32\netcfg-1213421.txt
2014-01-30 13:55 - 2014-01-30 13:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1218312.txt
2014-01-30 13:55 - 2014-01-30 13:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1213171.txt
2014-01-30 13:54 - 2014-01-30 13:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-01-30 13:54 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-01-30 13:54 - 2013-12-27 19:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-01-30 13:54 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-01-30 13:52 - 2014-01-30 13:52 - 00000000 ____D () C:\Users\Marvin\AppData\Local\NVIDIA Corporation
2014-01-30 13:52 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-01-30 13:52 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-01-30 13:52 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-01-30 13:52 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-01-30 13:52 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-01-30 13:52 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-01-30 13:51 - 2014-01-30 13:53 - 00000000 ____D () C:\Users\Marvin\AppData\Local\NVIDIA
2014-01-30 13:51 - 2014-01-30 13:51 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-01-30 13:51 - 2014-01-21 03:53 - 01179576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-01-30 13:51 - 2014-01-21 03:53 - 01048152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-01-30 13:51 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 03071656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433221.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433221.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 01436528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00357152 _____ () C:\WINDOWS\system32\NvIFROpenGL.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00314656 _____ () C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-01-30 13:51 - 2013-12-19 21:33 - 00023754 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-01-30 13:51 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-01-30 13:51 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-01-30 13:51 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2014-01-30 13:49 - 2014-01-30 13:49 - 00000000 ____D () C:\NVIDIA
2014-01-30 13:48 - 2014-01-30 13:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\InstallShield
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Program Files\ASRock Utility
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Program Files (x86)\ASRock Utility
2014-01-30 13:48 - 2012-11-19 12:10 - 00652344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2014-01-30 13:48 - 2012-01-13 12:52 - 00031016 _____ (ASRock Inc.) C:\WINDOWS\system32\Drivers\AsrRamDisk.sys
2014-01-30 13:45 - 2012-09-14 09:59 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2014-01-30 13:44 - 2014-01-30 13:48 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-01-30 13:44 - 2014-01-30 13:44 - 00000000 ____D () C:\Intel
2014-01-30 13:43 - 2014-02-14 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-30 13:43 - 2014-02-14 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Mozilla
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-30 13:42 - 2014-01-30 13:42 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Macromedia
2014-01-30 13:40 - 2014-02-10 20:02 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Adobe
2014-01-30 13:40 - 2014-02-03 01:27 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 13:40 - 2014-01-30 15:49 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-30 13:40 - 2014-01-30 13:40 - 00000000 ____D () C:\WINDOWS\CSC
2014-01-30 13:39 - 2014-02-19 15:27 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Packages
2014-01-30 13:39 - 2014-01-30 15:45 - 00000000 ____D () C:\ProgramData\PRICache
2014-01-30 13:39 - 2014-01-30 15:40 - 01995791 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-01-30 13:39 - 2014-01-30 13:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-248046.txt
2014-01-30 13:39 - 2014-01-30 13:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-245156.txt
2014-01-30 13:39 - 2014-01-30 13:39 - 00000000 ____D () C:\Users\Marvin\AppData\Local\VirtualStore
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Vorlagen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Startmenü
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Netzwerkumgebung
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Lokale Einstellungen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Eigene Dateien
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Druckumgebung
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Musik
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Bilder
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Verlauf
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Programme
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-01-30 13:34 - 2014-01-30 13:34 - 00001135 _____ () C:\WINDOWS\system32\netcfg-19515.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000185 _____ () C:\WINDOWS\system32\netcfg-15578.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000164 _____ () C:\WINDOWS\system32\netcfg-14593.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000161 _____ () C:\WINDOWS\system32\netcfg-15468.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-15375.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-15171.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-14953.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000159 _____ () C:\WINDOWS\system32\netcfg-15062.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000157 _____ () C:\WINDOWS\system32\netcfg-15281.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000157 _____ () C:\WINDOWS\system32\netcfg-14703.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000150 _____ () C:\WINDOWS\system32\netcfg-14843.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
|
|
20.02.2014, 15:00
| #6 |
| | Trojaner? PDM:trojan.win32.bazon.aCode:
ATTFilter ==================== One Month Modified Files and Folders =======
2014-02-19 15:27 - 2014-02-19 15:27 - 02153472 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2014-02-19 15:27 - 2014-02-19 15:27 - 00019107 _____ () C:\Users\Marvin\Desktop\FRST.txt
2014-02-19 15:27 - 2014-02-19 15:27 - 00000000 ____D () C:\FRST
2014-02-19 15:27 - 2014-02-12 19:19 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2014-02-19 15:27 - 2014-01-30 15:44 - 02003991 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-19 15:27 - 2014-01-30 13:39 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Packages
2014-02-19 15:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-19 15:27 - 2013-08-22 15:46 - 00301975 _____ () C:\WINDOWS\setupact.log
2014-02-19 15:10 - 2014-01-30 16:42 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-19 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-19 14:43 - 2014-01-30 14:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-19 11:21 - 2014-02-19 11:21 - 00000000 ____D () C:\Users\Marvin\Documents\My Cheat Tables
2014-02-19 11:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-19 11:10 - 2014-02-19 10:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-02-19 10:45 - 2014-02-19 10:45 - 00000859 _____ () C:\Users\Marvin\Desktop\Need for Speed (TM) Rivals 32BIT.lnk
2014-02-19 10:45 - 2014-02-19 10:45 - 00000835 _____ () C:\Users\Marvin\Desktop\Need for Speed (TM) Rivals 64BIT.lnk
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Marvin\Documents\Ghost Games
2014-02-19 10:37 - 2014-01-30 15:19 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-02-18 20:13 - 2014-02-03 16:46 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify
2014-02-18 20:13 - 2014-01-30 16:37 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2014-02-18 19:31 - 2014-02-02 17:41 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PokerStars.EU
2014-02-18 19:30 - 2014-01-31 01:18 - 00000000 ____D () C:\Program Files (x86)\ruSamsungTVCommunicator
2014-02-18 15:39 - 2014-01-30 14:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1335754230-1967579693-124619293-1001
2014-02-18 14:50 - 2014-01-30 15:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\vlc
2014-02-18 08:35 - 2014-01-30 14:35 - 00624224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-02-18 08:35 - 2014-01-30 14:35 - 00115296 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-02-18 08:35 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2014-02-17 16:10 - 2014-02-03 01:28 - 00000000 ___RD () C:\Users\Marvin\Dropbox
2014-02-17 16:10 - 2014-02-03 01:27 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Dropbox
2014-02-17 14:20 - 2014-02-10 18:59 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND
2014-02-17 11:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-17 11:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-17 11:48 - 2014-01-30 14:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 11:47 - 2014-01-30 14:40 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 23:51 - 2013-11-14 08:26 - 01788522 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-16 23:51 - 2013-11-14 08:11 - 00768062 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-16 23:51 - 2013-11-14 08:11 - 00160906 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-14 22:19 - 2014-02-07 13:51 - 00000000 ____D () C:\Users\Marvin\Documents\FIFA 14
2014-02-14 22:17 - 2014-02-14 22:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-02-14 22:04 - 2014-02-14 22:04 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-14 22:04 - 2014-02-07 13:29 - 00039229 _____ () C:\WINDOWS\DirectX.log
2014-02-14 20:51 - 2014-01-30 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 20:51 - 2014-01-30 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 19:18 - 2014-02-10 20:02 - 00000132 _____ () C:\Users\Marvin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-02-12 19:01 - 2014-02-11 12:36 - 00000000 ____D () C:\Users\Marvin\Desktop\nurrein.de
2014-02-12 17:36 - 2014-02-12 17:36 - 00000000 ____D () C:\Users\Marvin\Documents\Navicat
2014-02-12 17:32 - 2014-02-12 17:32 - 00001217 _____ () C:\Users\Public\Desktop\Navicat Premium.lnk
2014-02-12 17:32 - 2014-02-12 17:32 - 00000000 ____D () C:\Program Files (x86)\PremiumSoft
2014-02-12 17:31 - 2014-02-12 17:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-12 17:30 - 2014-02-12 17:30 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\WinRAR
2014-02-12 17:30 - 2014-02-12 17:30 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-12 15:47 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Apple Computer
2014-02-11 20:52 - 2014-01-30 15:50 - 00000000 __RDO () C:\Users\Marvin\SkyDrive
2014-02-11 20:14 - 2014-02-11 14:04 - 00000000 ____D () C:\ProgramData\VMware
2014-02-11 20:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-11 20:14 - 2013-08-22 15:44 - 04995936 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-11 20:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-11 19:20 - 2014-02-11 19:20 - 07208726 _____ () C:\Users\Marvin\Desktop\Unbenannt-2.psd
2014-02-11 19:20 - 2014-02-11 19:20 - 00241514 _____ () C:\Users\Marvin\Desktop\Unbenannt-1.psd
2014-02-11 18:56 - 2014-01-30 14:13 - 00073728 ___SH () C:\Users\Marvin\Desktop\Thumbs.db
2014-02-11 16:44 - 2014-02-11 14:08 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\VMware
2014-02-11 16:44 - 2014-02-11 14:08 - 00000000 ____D () C:\Users\Marvin\AppData\Local\VMware
2014-02-11 15:34 - 2014-02-11 15:24 - 00000000 ____D () C:\Users\Marvin\Documents\Virtual Machines
2014-02-11 14:24 - 2014-02-11 14:24 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-02-11 14:24 - 2014-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-02-11 14:24 - 2014-02-11 14:04 - 00001024 _____ () C:\WINDOWS\SysWOW64\%TMP%
2014-02-11 14:24 - 2014-01-30 13:58 - 01807894 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-02-11 14:13 - 2014-01-30 16:41 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Adobe
2014-02-11 02:00 - 2014-01-30 16:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 20:21 - 2014-02-10 20:21 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\MySQL
2014-02-10 20:21 - 2014-02-10 20:21 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-02-10 20:18 - 2014-02-10 20:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\PDAppFlex
2014-02-10 20:02 - 2014-02-10 19:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-10 20:02 - 2014-01-30 13:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Adobe
2014-02-10 19:57 - 2014-02-10 19:57 - 00000000 ____D () C:\Users\Marvin\Documents\bebas-neue
2014-02-10 19:38 - 2014-02-10 19:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\NVIDIA
2014-02-10 19:37 - 2014-02-05 15:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-10 19:37 - 2014-02-05 15:03 - 00000000 ____D () C:\Program Files\Adobe
2014-02-10 19:37 - 2014-01-30 16:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-10 19:35 - 2014-02-10 19:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-10 19:35 - 2014-02-10 19:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-10 18:04 - 2014-02-10 18:04 - 00000991 _____ () C:\Users\Public\Desktop\WinSCP.lnk
2014-02-10 18:04 - 2014-02-10 18:04 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-02-07 13:57 - 2014-02-07 13:57 - 00000000 ____D () C:\Program Files (x86)\Western Digital Corporation
2014-02-07 13:53 - 2013-11-13 23:18 - 00001196 _____ () C:\WINDOWS\PFRO.log
2014-02-07 13:42 - 2014-02-07 13:42 - 00000000 ____D () C:\ProgramData\Origin
2014-02-07 13:41 - 2014-02-07 13:40 - 00000972 _____ () C:\Users\Marvin\Desktop\FIFA 14.lnk
2014-02-07 13:40 - 2013-11-14 08:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-02-07 13:39 - 2014-02-07 13:31 - 00000583 _____ () C:\Users\Marvin\Desktop\asdf.vbs
2014-02-07 13:30 - 2014-02-07 13:30 - 00001351 _____ () C:\Users\Marvin\Documents\AutoHotkey.ahk
2014-02-07 13:29 - 2014-02-07 13:29 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Notepad++
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-02-07 13:12 - 2014-02-07 13:12 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-02-06 14:06 - 2014-02-03 16:46 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apple Computer
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apple
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files\iPod
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-05 15:13 - 2014-02-05 15:12 - 00000000 ____D () C:\ProgramData\Apple
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-05 15:12 - 2014-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-05 11:51 - 2014-02-04 23:47 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2014-02-05 00:07 - 2014-02-05 00:06 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TeamViewer
2014-02-05 00:04 - 2014-02-05 00:04 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-02-05 00:04 - 2014-02-05 00:04 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-04 23:51 - 2014-02-04 23:48 - 00000000 ____D () C:\Users\Marvin\AppData\Local\FullTiltPoker.eu
2014-02-04 23:48 - 2014-02-04 23:45 - 00000000 ____D () C:\Users\Marvin\AppData\Local\cache
2014-02-04 23:47 - 2014-02-04 23:47 - 49649512 _____ () C:\Users\Marvin\AppData\Local\TempFullTiltPokerEuSetup.exe
2014-02-04 23:47 - 2014-02-04 23:45 - 00000000 ____D () C:\Users\Marvin\AppData\Local\FullTiltPoker
2014-02-04 23:47 - 2014-02-04 23:45 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-02-04 20:10 - 2014-01-30 16:42 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 19:32 - 2014-02-02 17:40 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-02-04 00:35 - 2014-02-04 00:35 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\LolClient
2014-02-03 23:54 - 2014-02-03 23:51 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PMB Files
2014-02-03 23:54 - 2014-02-03 23:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-03 23:51 - 2014-02-03 23:51 - 00001495 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-03 23:51 - 2014-02-03 23:48 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Riot Games
2014-02-03 16:46 - 2014-02-03 16:46 - 00001842 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-03 14:56 - 2014-02-03 14:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-02-03 01:28 - 2014-02-03 01:27 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DropboxMaster
2014-02-03 01:28 - 2014-01-30 15:45 - 00000000 ____D () C:\Users\Marvin
2014-02-03 01:27 - 2014-02-03 01:27 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-03 01:27 - 2014-01-30 13:40 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\ProgramData\Sun
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 19:39 - 2014-02-02 19:40 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-02-02 19:39 - 2014-02-02 19:40 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-02-02 19:39 - 2014-02-02 19:40 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-02-02 19:39 - 2014-02-02 19:40 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 19:39 - 2014-02-02 19:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 17:41 - 2014-02-02 17:41 - 00001096 _____ () C:\Users\Public\Desktop\PokerStars.eu.lnk
2014-02-02 06:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-02 06:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-02 06:00 - 2014-02-02 06:00 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-02-01 16:01 - 2014-02-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-01 16:01 - 2014-02-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-31 11:00 - 2014-01-31 11:00 - 00000000 ____D () C:\Users\Marvin\Desktop\BreBa05.2
2014-01-31 01:44 - 2014-01-31 01:44 - 00000000 ____D () C:\Users\Marvin\Desktop\BreBa05.1
2014-01-31 01:18 - 2014-01-31 01:18 - 00001427 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ruSamsungTVCommunicator.lnk
2014-01-30 23:31 - 2014-01-30 15:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 16:55 - 2014-01-30 16:55 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Macromedia
2014-01-30 16:47 - 2014-01-30 16:47 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-01-30 16:47 - 2014-01-30 16:47 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files\MSBuild
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-01-30 16:45 - 2014-01-30 16:45 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-01-30 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-01-30 16:38 - 2014-01-30 16:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-01-30 15:52 - 2014-01-30 15:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-30 15:50 - 2014-01-30 15:49 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PackageStaging
2014-01-30 15:49 - 2014-01-30 15:49 - 00001450 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 15:49 - 2014-01-30 15:49 - 00000020 ___SH () C:\Users\Marvin\ntuser.ini
2014-01-30 15:49 - 2014-01-30 15:43 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-30 15:49 - 2014-01-30 13:40 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-01-30 15:47 - 2014-01-30 15:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-30 15:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-01-30 15:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-01-30 15:47 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-01-30 15:46 - 2014-01-30 15:46 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-01-30 15:46 - 2014-01-30 15:45 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-01-30 15:46 - 2014-01-30 15:45 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-01-30 15:46 - 2014-01-30 15:36 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-01-30 15:46 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-01-30 15:46 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Vorlagen
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Startmenü
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Netzwerkumgebung
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Lokale Einstellungen
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Eigene Dateien
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Druckumgebung
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Documents\Eigene Musik
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Documents\Eigene Bilder
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Local\Verlauf
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\AppData\Local\Anwendungsdaten
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 _SHDL () C:\Users\Marvin\Anwendungsdaten
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-30 15:45 - 2014-01-30 15:45 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-01-30 15:45 - 2014-01-30 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-01-30 15:45 - 2014-01-30 15:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-01-30 15:45 - 2014-01-30 15:43 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-30 15:45 - 2014-01-30 13:39 - 00000000 ____D () C:\ProgramData\PRICache
2014-01-30 15:45 - 2013-11-14 08:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-01-30 15:45 - 2013-11-14 08:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-01-30 15:45 - 2013-11-14 08:11 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-01-30 15:45 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-01-30 15:45 - 2013-08-22 16:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2014-01-30 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-01-30 15:45 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-01-30 15:45 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2014-01-30 15:44 - 2014-01-30 15:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-30 15:44 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-01-30 15:43 - 2014-01-30 15:43 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-30 15:43 - 2014-01-30 15:43 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-30 15:43 - 2014-01-30 15:43 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-30 15:43 - 2014-01-30 15:43 - 00000000 ____D () C:\Program Files\Intel
2014-01-30 15:43 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-01-30 15:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-30 15:42 - 2014-01-30 15:42 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-30 15:42 - 2014-01-30 15:42 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-30 15:42 - 2014-01-30 15:42 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-30 15:42 - 2014-01-30 15:42 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-30 15:42 - 2014-01-30 15:42 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-30 15:42 - 2014-01-30 15:42 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-01-30 15:42 - 2014-01-30 15:42 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-30 15:42 - 2014-01-30 15:42 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-30 15:42 - 2014-01-30 15:42 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-30 15:42 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-30 15:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-30 15:40 - 2014-01-30 13:39 - 01995791 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-01-30 15:26 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-01-30 15:19 - 2014-01-30 15:19 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-01-30 15:18 - 2014-01-30 15:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-30 14:42 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-01-30 14:42 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2014-01-30 14:42 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2014-01-30 14:36 - 2014-01-30 14:36 - 00001325 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-01-30 14:35 - 2014-01-30 14:35 - 00000167 _____ () C:\WINDOWS\system32\netcfg-2381765.txt
2014-01-30 14:35 - 2014-01-30 14:35 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-30 14:35 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-30 13:59 - 2014-01-30 13:59 - 00001949 _____ () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2014-01-30 13:57 - 2014-01-30 13:57 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Intel Corporation
2014-01-30 13:55 - 2014-01-30 13:55 - 00000304 _____ () C:\WINDOWS\system32\netcfg-1213421.txt
2014-01-30 13:55 - 2014-01-30 13:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1218312.txt
2014-01-30 13:55 - 2014-01-30 13:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1213171.txt
2014-01-30 13:54 - 2014-01-30 13:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-01-30 13:54 - 2014-01-30 13:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-30 13:53 - 2014-01-30 13:51 - 00000000 ____D () C:\Users\Marvin\AppData\Local\NVIDIA
2014-01-30 13:52 - 2014-01-30 13:52 - 00000000 ____D () C:\Users\Marvin\AppData\Local\NVIDIA Corporation
2014-01-30 13:51 - 2014-01-30 13:51 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-01-30 13:49 - 2014-01-30 13:49 - 00000000 ____D () C:\NVIDIA
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\InstallShield
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Program Files\ASRock Utility
2014-01-30 13:48 - 2014-01-30 13:48 - 00000000 ____D () C:\Program Files (x86)\ASRock Utility
2014-01-30 13:48 - 2014-01-30 13:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-01-30 13:44 - 2014-01-30 13:44 - 00000000 ____D () C:\Intel
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Mozilla
2014-01-30 13:43 - 2014-01-30 13:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-30 13:42 - 2014-01-30 13:42 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Macromedia
2014-01-30 13:40 - 2014-01-30 13:40 - 00000000 ____D () C:\WINDOWS\CSC
2014-01-30 13:39 - 2014-01-30 13:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-248046.txt
2014-01-30 13:39 - 2014-01-30 13:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-245156.txt
2014-01-30 13:39 - 2014-01-30 13:39 - 00000000 ____D () C:\Users\Marvin\AppData\Local\VirtualStore
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Vorlagen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Startmenü
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Netzwerkumgebung
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Lokale Einstellungen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Eigene Dateien
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Druckumgebung
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Musik
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Eigene Bilder
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Verlauf
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Users\Default.migrated\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Programme
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-01-30 13:35 - 2014-01-30 13:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-01-30 13:34 - 2014-01-30 13:34 - 00001135 _____ () C:\WINDOWS\system32\netcfg-19515.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000185 _____ () C:\WINDOWS\system32\netcfg-15578.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000164 _____ () C:\WINDOWS\system32\netcfg-14593.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000161 _____ () C:\WINDOWS\system32\netcfg-15468.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-15375.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-15171.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000160 _____ () C:\WINDOWS\system32\netcfg-14953.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000159 _____ () C:\WINDOWS\system32\netcfg-15062.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000157 _____ () C:\WINDOWS\system32\netcfg-15281.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000157 _____ () C:\WINDOWS\system32\netcfg-14703.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000150 _____ () C:\WINDOWS\system32\netcfg-14843.txt
2014-01-30 13:34 - 2014-01-30 13:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-01-21 03:53 - 2014-01-30 13:51 - 01179576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-01-21 03:53 - 2014-01-30 13:51 - 01048152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\bassmod.dll
C:\Users\Marvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptk_vf2.dll
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_JDownloaderSetup_jdownloader.org.exe
C:\Users\Marvin\AppData\Local\Temp\proxy_vole6098351480579686170.dll
C:\Users\Marvin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-17 00:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Marvin at 2014-02-19 15:28:02
Running from C:\Users\Marvin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.1 - Adobe Systems)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5.3 64-bit (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASRock eXtreme Tuner v0.1.248 (x32 Version: - )
ASRock XFast RAM v2.0.9 (Version: - ASRock Inc.)
AutoHotkey 1.1.14.02 (Version: 1.1.14.02 - Lexikos)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (x32 Version: - Valve)
Data Lifeguard Diagnostic for Windows 1.24 (x32 Version: - Western Digital Corporation)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
FIFA 14 (x32 Version: 1.0 - Electronic Arts)
FIFA 14 (x32 Version: 1.0.0.0 - Electronic Arts)
Full Tilt Poker (x32 Version: 5.4.26.WIN.FullTilt.COM - )
Full Tilt Poker.Eu (x32 Version: 5.4.26.WIN.FullTilt.EU - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.7.0.1013 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (x32 Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0 - Microsoft)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MySQL Workbench 6.0 CE (x32 Version: 6.0.9 - Oracle Corporation)
Need for Speed (TM) Rivals German Edition 1.2.0.0 (x32 Version: - )
Notepad++ (x32 Version: 6.5.3 - Notepad++ Team)
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PokerStars.eu (x32 Version: - PokerStars.eu)
PremiumSoft Navicat Premium 11.0 (x32 Version: 11.0.8 - PremiumSoft CyberTech Ltd.)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (x32 Version: - Valve Corporation)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 8 (x32 Version: 8.0.20935 - TeamViewer)
tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
VMware Workstation (x32 Version: 10.0.1 - VMware, Inc)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.1 (x32 Version: 5.5.1 - Martin Prikryl)
==================== Restore Points =========================
07-02-2014 12:28:57 DirectX wurde installiert
10-02-2014 19:21:36 Installed MySQL Workbench 6.0 CE
14-02-2014 21:04:19 DirectX wurde installiert
17-02-2014 10:48:59 Windows Modules Installer
17-02-2014 10:49:10 Windows Modules Installer
==================== Hosts content: ==========================
2013-08-22 14:25 - 2014-02-05 15:01 - 00000852 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A8606FB-4A81-4F1F-9F1C-32491B7321F4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79E5636A-7B55-4AA3-890F-D3049A12BD7E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-17] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C0BA6ADF-A077-4414-8D07-59024D358867} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-30 15:44 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-18 12:10 - 2013-10-18 12:10 - 14405200 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-15 00:02 - 2013-12-08 01:55 - 01462784 _____ () C:\Users\Marvin\AppData\Local\Temp\Rar$EXa0.958\Shairport4w.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-02-02 06:02 - 2014-02-02 06:02 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\324e0f5ab97406eb8de7230c15db1067\PSIClient.ni.dll
2014-02-11 20:53 - 2014-02-11 20:53 - 00041984 _____ () c:\users\marvin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptk_vf2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Marvin\AppData\Roaming\Dropbox\bin\libcef.dll
2011-09-05 18:05 - 2011-09-05 18:05 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-01-30 13:43 - 2014-02-14 20:51 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Marvin\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2014 08:14:29 AM) (Source: Bonjour Service) (User: )
Description: 452: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:29 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:28 AM) (Source: Bonjour Service) (User: )
Description: 816: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:28 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: 816: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: 836: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: 468: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
System errors:
=============
Error: (02/19/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/18/2014 03:52:36 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:27 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:21 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:13 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:12 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:11 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:10 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:09 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Error: (02/18/2014 03:52:08 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "F:" wurde eine Beschädigung erkannt.
Eine Datei auf dem Volume ist nicht mehr von ihrem übergeordneten Verzeichnis aus erreichbar. Die Referenznummer der übergeordneten Datei ist 0x5000000000005. Der Name des übergeordneten Verzeichnisses ist "<Dateiname kann nicht bestimmt werden>". Das übergeordnete Indexattribut ist ":$I30:$INDEX_ALLOCATION". Die Referenznummer der Datei, die erneut verbunden werden muss, ist 0x9000000000009. Möglicherweise befinden sich auf dem Volume weitere Dateien, die ebenfalls wieder mit dem übergeordneten Verzeichnis verbunden werden müssen.
Microsoft Office Sessions:
=========================
Error: (02/18/2014 08:14:29 AM) (Source: Bonjour Service)(User: )
Description: 452: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:29 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:28 AM) (Source: Bonjour Service)(User: )
Description: 816: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:28 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: 816: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: 836: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: 468: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error: (02/18/2014 08:14:27 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 8079.24 MB
Available physical RAM: 5708.32 MB
Total Pagefile: 9951.24 MB
Available Pagefile: 6965.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.45 GB) (Free:57.5 GB) NTFS
Drive d: (Files) (Fixed) (Total:596.17 GB) (Free:181.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:1397.26 GB) (Free:31.85 GB) NTFS
Drive h: (Volume) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: DB1EE53F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: F24A4A8D)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: B3228D88)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 60DEE954)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Virustotal: https://www.virustotal.com/de/file/e9d4aa824c6b65ef1d6459f58eceabede0592c14670027e6bd41b95e2b2a447b/analysis/1392904763/ |
|
21.02.2014, 10:59
| #7 |
| /// the machine /// TB-Ausbilder | Trojaner? PDM:trojan.win32.bazon.a Ich würd meinen das ist ein Fehlalarm 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.02.2014, 12:03
| #8 |
| | Trojaner? PDM:trojan.win32.bazon.a Super, danke. Also kann ich das Update bedenkenlos installieren? |
|
22.02.2014, 13:21
| #9 |
| /// the machine /// TB-Ausbilder | Trojaner? PDM:trojan.win32.bazon.a jap
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojaner? PDM:trojan.win32.bazon.a |
| administrator, adobe, computer, crypt, dnsapi.dll, explorer, file, hotkey, internet, internet explorer, msn, ntdll.dll, registry, secur, secure, security, software, system, temp, trojaner, trojaner?, udp, windows, windows xp, winlogon, winsock, wshtcpip.dll |
Linear-Darstellung
