| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen2 entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.04.2014, 11:17
| #1 |
| |  TR/Crypt.XPACK.Gen2 entfernen? Hey, entwickle derzeit Software für meine Masterarbeit und wollte aus dem Grund FLTK im Release-Modus neu compilieren. Nach dem Compilieren hat sich Avira mit einem Fund in einigen der generierten .exe Dateien gemeldet (shape.exe, CubeView.exe, cube.exe, gl_overlay.exe, fullscreen.exe). Wie sich herausgestellt hat, wurde (und wird wird sobald ich sie neu erstelle/ kompiliere) auf diese Dateien vom Trojaner TR/Crypt.XPACK.Gen2 zugegriffen. Die Dateien sind gelockt, ich kann nicht ohne Adminberechtigung auf diese zugreifen und Avira meldet wenig später, dass es sich bei ihnen ebenfalls um den Trojaner TR/Crypt.XPACK.Gen2 handelt. Hier der Log vom Avira: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 9. April 2014 11:46
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : M4DGUY-PC
Versionsinformationen:
BUILD.DAT : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00
AVSCAN.EXE : 14.0.3.332 1058384 Bytes 18.02.2014 09:45:05
AVSCANRC.DLL : 14.0.2.180 62008 Bytes 12.12.2013 11:07:41
LUKE.DLL : 14.0.3.336 65616 Bytes 18.02.2014 09:45:12
AVSCPLR.DLL : 14.0.3.336 124496 Bytes 18.02.2014 09:45:05
AVREG.DLL : 14.0.3.336 250448 Bytes 18.02.2014 09:45:04
avlode.dll : 14.0.3.336 544848 Bytes 18.02.2014 09:45:04
avlode.rdf : 14.0.3.38 58680 Bytes 13.03.2014 16:27:14
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:39:02
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:42:32
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 16:36:31
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 15:02:11
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 11:27:58
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 22:14:26
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 15:17:28
VBASE007.VDF : 7.11.139.39 2048 Bytes 27.03.2014 15:17:28
VBASE008.VDF : 7.11.139.40 2048 Bytes 27.03.2014 15:17:28
VBASE009.VDF : 7.11.139.41 2048 Bytes 27.03.2014 15:17:28
VBASE010.VDF : 7.11.139.42 2048 Bytes 27.03.2014 15:17:28
VBASE011.VDF : 7.11.139.43 2048 Bytes 27.03.2014 15:17:28
VBASE012.VDF : 7.11.139.44 2048 Bytes 27.03.2014 15:17:28
VBASE013.VDF : 7.11.139.45 2048 Bytes 27.03.2014 15:17:28
VBASE014.VDF : 7.11.139.171 111104 Bytes 28.03.2014 17:30:03
VBASE015.VDF : 7.11.140.23 150016 Bytes 30.03.2014 10:13:18
VBASE016.VDF : 7.11.140.143 222720 Bytes 01.04.2014 10:17:59
VBASE017.VDF : 7.11.140.235 144384 Bytes 03.04.2014 21:04:44
VBASE018.VDF : 7.11.141.81 193536 Bytes 05.04.2014 14:38:11
VBASE019.VDF : 7.11.141.203 241152 Bytes 08.04.2014 14:07:30
VBASE020.VDF : 7.11.141.204 2048 Bytes 08.04.2014 14:07:30
VBASE021.VDF : 7.11.141.205 2048 Bytes 08.04.2014 14:07:30
VBASE022.VDF : 7.11.141.206 2048 Bytes 08.04.2014 14:07:30
VBASE023.VDF : 7.11.141.207 2048 Bytes 08.04.2014 14:07:30
VBASE024.VDF : 7.11.141.208 2048 Bytes 08.04.2014 14:07:30
VBASE025.VDF : 7.11.141.209 2048 Bytes 08.04.2014 14:07:30
VBASE026.VDF : 7.11.141.210 2048 Bytes 08.04.2014 14:07:30
VBASE027.VDF : 7.11.141.211 2048 Bytes 08.04.2014 14:07:30
VBASE028.VDF : 7.11.141.212 2048 Bytes 08.04.2014 14:07:30
VBASE029.VDF : 7.11.141.213 2048 Bytes 08.04.2014 14:07:30
VBASE030.VDF : 7.11.141.214 2048 Bytes 08.04.2014 14:07:30
VBASE031.VDF : 7.11.142.34 152064 Bytes 09.04.2014 08:52:38
Engineversion : 8.3.18.2
AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 15:39:02
AESCRIPT.DLL : 8.1.4.198 528584 Bytes 28.03.2014 17:30:02
AESCN.DLL : 8.3.0.2 135360 Bytes 20.03.2014 15:39:02
AESBX.DLL : 8.2.20.6 1331575 Bytes 13.01.2014 16:06:15
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 16:48:36
AEPACK.DLL : 8.4.0.16 778440 Bytes 02.04.2014 18:38:00
AEOFFICE.DLL : 8.3.0.2 201084 Bytes 13.03.2014 16:27:13
AEHEUR.DLL : 8.1.4.1004 6643912 Bytes 03.04.2014 21:04:43
AEHELP.DLL : 8.3.0.0 274808 Bytes 11.03.2014 15:35:37
AEGEN.DLL : 8.1.7.24 442743 Bytes 11.03.2014 15:35:37
AEEXP.DLL : 8.4.1.258 512376 Bytes 13.03.2014 16:27:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:30:30
AECORE.DLL : 8.3.0.6 241864 Bytes 19.03.2014 15:32:51
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 13:19:14
AVWINLL.DLL : 14.0.3.252 23608 Bytes 18.02.2014 09:45:01
AVPREF.DLL : 14.0.3.252 48696 Bytes 18.02.2014 09:45:04
AVREP.DLL : 14.0.3.252 175672 Bytes 18.02.2014 09:45:04
AVARKT.DLL : 14.0.3.336 256080 Bytes 18.02.2014 09:45:01
AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 18.02.2014 09:45:02
SQLITE3.DLL : 3.7.0.1 397704 Bytes 08.04.2013 19:24:16
AVSMTP.DLL : 14.0.3.252 60472 Bytes 18.02.2014 09:45:05
NETNT.DLL : 14.0.3.252 13368 Bytes 18.02.2014 09:45:12
RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 18.02.2014 09:45:01
RCTEXT.DLL : 14.0.3.282 72760 Bytes 18.02.2014 09:45:01
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5345092a\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +, +, +, +, +, +, +,
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +PCK,+SPR,
Beginn des Suchlaufs: Mittwoch, 9. April 2014 11:46
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'a2service.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Egishlpsvc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisTicketService.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'CALoadService.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'ReminderFoxUpdater.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchAnonymizerHelper.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '209' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip32.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Energy Management.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'utility.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'S6000Mnt.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisPLTSR.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisTSR.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'pidgin.exe' - '175' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'devenv.exe' - '203' Modul(e) wurden durchsucht
Durchsuche Prozess 'codeblocks.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_12_0_0_77.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_12_0_0_77.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'mspdbsrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\drivers\beep.sys'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Signiert -> 'C:\windows\system32\imm32.dll'
Signiert -> 'C:\windows\system32\dsound.dll'
Signiert -> 'C:\windows\system32\aclui.dll'
Signiert -> 'C:\windows\system32\msvcrt.dll'
Signiert -> 'C:\windows\system32\d3d9.dll'
Signiert -> 'C:\windows\system32\dnsapi.dll'
Signiert -> 'C:\windows\system32\mshtml.dll'
Signiert -> 'C:\windows\system32\regsvr32.exe'
Signiert -> 'C:\windows\system32\rundll32.exe'
Signiert -> 'C:\windows\system32\userinit.exe'
Signiert -> 'C:\windows\system32\reg.exe'
Signiert -> 'C:\windows\regedit.exe'
Die Systemdateien wurden durchsucht ('34' Dateien)
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\FTLK\test\fullscreen.exe'
C:\FTLK\test\fullscreen.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
Beginne mit der Suche in 'C:\FTLK\test\gl_overlay.exe'
C:\FTLK\test\gl_overlay.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
Beginne mit der Suche in 'C:\FTLK\test\shape.exe'
C:\FTLK\test\shape.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
Beginne mit der Desinfektion:
C:\FTLK\test\shape.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[WARNUNG] Die Datei wurde ignoriert.
C:\FTLK\test\gl_overlay.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[WARNUNG] Die Datei wurde ignoriert.
C:\FTLK\test\fullscreen.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Mittwoch, 9. April 2014 11:51
Benötigte Zeit: 00:09 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1175 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1172 Dateien ohne Befall
3 Archive wurden durchsucht
3 Warnungen
0 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
Ich habe weder Lust, noch Zeit mein System komplett neu aufzusetzen. Ist es möglich die Nervensäge auf einfachere Art loszuwerden (etwa durch: Windows im abgesicherten Modus starten und anschließender Scan oder: Booten mit einer Unix-Bootdisk und anschließender Scan/ manuelles Löschen des Trojaners)? |
|
09.04.2014, 11:39
| #2 |
  | TR/Crypt.XPACK.Gen2 entfernen? Hallo m4dguy und
__________________ Avira findet hier die Dateien die du compilierst und auf diese wird beim erstellen natürlich zugegriffen um diese zu schreiben.  Das ist nur ein Fehlalarm von Avira.Falls du dein System auf Malware prüfen lassen willst, mache bitte nach folgender Anleitung Logs.
Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
09.04.2014, 14:04
| #3 |
| | TR/Crypt.XPACK.Gen2 entfernen? Nachfolgend die Logs:
__________________FRST.txt: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by m4dguy (administrator) on M4DGUY-PC on 09-04-2014 12:57:57
Running from C:\Users\m4dguy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Advanced Micro Devices) C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
() C:\Users\m4dguy\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Alcor) C:\windows\WebCam\S6000\S6000Mnt.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
() C:\Codeblocks\codeblocks.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Messaging) C:\Program Files\Earlybird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-30] (Lenovo)
HKLM\...\Run: [Ocs_SM] - C:\Users\m4dguy\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-12-15] (OCS)
HKLM-x32\...\Run: [S6000Mnt] - C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://easy.box/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D3149374C454E4E&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&k=0
SearchScopes: HKCU - {035159F5-F97F-42CD-A0A8-8F98DA87411E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&k=0
SearchScopes: HKCU - {295B10D2-DB91-422D-905A-1A2F0CE8A2E8} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D3149374C454E4E&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6E1F4F59-9511-4B9F-B8B0-7D5C9B481A7E} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {858872F5-8391-45A7-9B9E-C7D22D78C209} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {979766A9-201E-4CC4-90F0-DD9044C7A23E} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F9A5C91A-5841-44F4-AB9F-9DEF7C14A723} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=95010877-ccef-496c-9991-9b2453695048&pid=freewarede&mode=bounce&k=0
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: ReminderFox - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.96.7.100 134.96.7.5 134.96.7.99
FireFox:
========
FF ProfilePath: C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default
FF user.js: detected! => C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\user.js
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Disconnect - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\2.0@disconnect.me.xpi [2013-07-15]
FF Extension: Ghostery - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Grooveshark Unlocker - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-14]
FF Extension: Beef Taco (Targeted Advertising Cookie Opt-Out) - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\john@velvetcache.org.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-15]
FF Extension: Adblock Plus - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-15]
FF Extension: DownThemAll! - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-11-30]
==================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-04-07] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 CALoadService; C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe [66048 2012-04-24] (Advanced Micro Devices)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ReminderFoxUpdater; C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe [18432 2012-02-02] ()
R2 SearchAnonymizer; C:\Users\m4dguy\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-12-15] ()
S2 MBAMScheduler; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-04-07] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 CAPROF; C:\windows\system32\drivers\CAPROF.sys [61648 2012-04-24] (Advanced Micro Devices)
R3 CAUTILITY; C:\windows\system32\drivers\CAUTILITY.sys [16080 2012-04-24] (Advanced Micro Devices)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-22] (DT Soft Ltd)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
R2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [X]
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U2 Stereo Service;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-09 12:57 - 2014-04-09 12:58 - 00020237 _____ () C:\Users\m4dguy\Desktop\FRST.txt
2014-04-09 12:55 - 2014-04-09 12:57 - 00000000 ____D () C:\FRST
2014-04-09 12:54 - 2014-04-09 12:55 - 04260874 _____ () C:\Users\m4dguy\Desktop\fltk-1.3.2-source.tar.gz
2014-04-09 12:48 - 2014-04-09 12:49 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 12:46 - 2014-04-09 12:46 - 02157056 _____ (Farbar) C:\Users\m4dguy\Desktop\FRST64.exe
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:31 - 2014-04-09 12:32 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-09 11:14 - 2014-04-09 12:57 - 00000000 ____D () C:\Users\m4dguy\Desktop\lib
2014-04-08 18:58 - 2014-04-08 18:59 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:21 - 2014-04-08 15:24 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-07 20:36 - 2014-04-07 22:49 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 18:00 - 2014-04-07 18:26 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 16:58 - 2014-04-09 10:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-06 14:04 - 2014-04-06 14:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 11:58 - 2014-04-04 11:59 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-02 12:13 - 2014-04-04 12:30 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-03-31 11:07 - 2014-04-08 10:01 - 00001182 _____ () C:\windows\PFRO.log
2014-03-30 15:06 - 2014-04-09 11:08 - 00002387 _____ () C:\windows\setupact.log
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-19 12:37 - 2014-03-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-15 15:22 - 2014-03-15 15:24 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-13 23:26 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 23:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 23:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 23:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 23:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 23:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 23:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 23:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 23:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 23:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 23:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 23:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 23:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 23:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 23:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 23:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 23:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 23:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 23:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 23:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 23:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 23:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 23:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 23:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
2014-03-10 11:54 - 2014-03-10 11:54 - 00004096 _____ () C:\windows\d3dx.dat
2014-03-10 11:54 - 2014-03-10 11:54 - 00002974 _____ () C:\windows\System32\Tasks\{EE9EF005-C8D8-4CF6-BBC4-BB619F028DBC}
2014-03-10 11:54 - 2014-03-10 11:54 - 00002974 _____ () C:\windows\System32\Tasks\{BFCA9E93-63F5-4911-8641-4CD8DB875344}
==================== One Month Modified Files and Folders =======
2014-04-09 12:58 - 2014-04-09 12:57 - 00020237 _____ () C:\Users\m4dguy\Desktop\FRST.txt
2014-04-09 12:57 - 2014-04-09 12:55 - 00000000 ____D () C:\FRST
2014-04-09 12:57 - 2014-04-09 11:14 - 00000000 ____D () C:\Users\m4dguy\Desktop\lib
2014-04-09 12:56 - 2013-09-02 14:00 - 00000000 ____D () C:\FTLK
2014-04-09 12:55 - 2014-04-09 12:54 - 04260874 _____ () C:\Users\m4dguy\Desktop\fltk-1.3.2-source.tar.gz
2014-04-09 12:55 - 2011-12-17 20:10 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\.purple
2014-04-09 12:49 - 2014-04-09 12:48 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 12:49 - 2011-12-16 23:07 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\CodeBlocks
2014-04-09 12:47 - 2012-07-03 21:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 12:46 - 2014-04-09 12:46 - 02157056 _____ (Farbar) C:\Users\m4dguy\Desktop\FRST64.exe
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:32 - 2014-04-09 12:31 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 12:12 - 2013-04-06 09:23 - 01540416 _____ () C:\windows\WindowsUpdate.log
2014-04-09 11:38 - 2012-04-25 18:42 - 00000000 ____D () C:\Users\m4dguy\Documents\Visual Studio 2008
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-09 11:08 - 2014-03-30 15:06 - 00002387 _____ () C:\windows\setupact.log
2014-04-09 11:04 - 2011-12-17 20:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\Projekte
2014-04-09 10:55 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:55 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:52 - 2011-11-18 21:55 - 17762632 _____ () C:\windows\system32\perfh007.dat
2014-04-09 10:52 - 2011-11-18 21:55 - 05699426 _____ () C:\windows\system32\perfc007.dat
2014-04-09 10:52 - 2009-07-14 07:13 - 00006514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-09 10:48 - 2014-04-07 16:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-09 10:47 - 2012-04-17 15:31 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\TSVNCache
2014-04-09 10:47 - 2011-11-30 07:59 - 00608577 _____ () C:\windows\system32\fastboot.set
2014-04-09 10:47 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-08 21:59 - 2011-12-15 19:05 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Skype
2014-04-08 18:59 - 2014-04-08 18:58 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:24 - 2014-04-08 15:21 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-08 10:01 - 2014-03-31 11:07 - 00001182 _____ () C:\windows\PFRO.log
2014-04-08 00:02 - 2011-12-15 14:53 - 00000000 ___RD () C:\Users\m4dguy\Desktop\Progamme
2014-04-07 22:49 - 2014-04-07 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 19:45 - 2012-06-18 19:48 - 00000000 ___RD () C:\Users\m4dguy\Dropbox
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 19:16 - 2011-12-15 20:15 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Dropbox
2014-04-07 18:26 - 2014-04-07 18:00 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 17:57 - 2013-08-14 15:07 - 00000000 ____D () C:\Users\m4dguy\Desktop\Master
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-07 12:31 - 2011-12-26 13:21 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\vlc
2014-04-06 22:53 - 2011-12-15 20:23 - 00000000 ____D () C:\Users\m4dguy\Desktop\tmp
2014-04-06 14:06 - 2014-04-06 14:04 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 12:30 - 2014-04-02 12:13 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-04 12:28 - 2013-12-16 18:40 - 00000520 _____ () C:\Users\m4dguy\Desktop\en.dct
2014-04-04 11:59 - 2014-04-04 11:58 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-04 11:57 - 2014-02-16 22:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\adt-bundle-windows-x86_64-20131030
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-04-01 18:26 - 2011-12-15 20:16 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-31 22:37 - 2013-11-21 11:45 - 00000000 ____D () C:\Users\m4dguy\Desktop\eBay
2014-03-31 14:09 - 2011-12-15 21:18 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Notepad++
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:54 - 2013-06-03 12:30 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\inkscape
2014-03-30 12:54 - 2011-12-14 18:51 - 00000000 ____D () C:\Users\m4dguy
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-30 12:51 - 2011-12-15 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:59 - 2011-12-15 19:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-25 17:34 - 2011-12-21 13:40 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-21 14:55 - 2011-12-15 21:10 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-21 14:23 - 2011-12-19 18:14 - 00000000 ____D () C:\Users\m4dguy\.thumbnails
2014-03-19 18:42 - 2012-05-03 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 12:38 - 2014-03-19 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 00:17 - 2013-07-13 22:44 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 00:14 - 2011-12-15 14:53 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 01:25 - 2011-12-15 20:56 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\uTorrent
2014-03-16 01:25 - 2011-12-15 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-15 15:24 - 2014-03-15 15:22 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-15 13:11 - 2011-12-15 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 16:46 - 2009-07-14 06:45 - 00317872 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:03 - 2011-12-15 19:06 - 00000000 ____D () C:\Users\m4dguy\Documents\Youcam
2014-03-12 15:47 - 2012-07-03 21:25 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:47 - 2012-03-31 09:45 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:47 - 2011-12-14 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
2014-03-10 11:54 - 2014-03-10 11:54 - 00004096 _____ () C:\windows\d3dx.dat
2014-03-10 11:54 - 2014-03-10 11:54 - 00002974 _____ () C:\windows\System32\Tasks\{EE9EF005-C8D8-4CF6-BBC4-BB619F028DBC}
2014-03-10 11:54 - 2014-03-10 11:54 - 00002974 _____ () C:\windows\System32\Tasks\{BFCA9E93-63F5-4911-8641-4CD8DB875344}
Some content of TEMP:
====================
C:\Users\m4dguy\AppData\Local\Temp\avgnt.exe
C:\Users\m4dguy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpswlq.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 00:18
==================== End Of Log ============================
--- --- --- --- --- --- Addtion.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by m4dguy at 2014-04-09 12:59:06
Running from C:\Users\m4dguy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD CodeAnalyst Performance Analyzer v3.6 (HKLM\...\{82B42DAD-5E8B-4172-9010-2053E0EEE3D2}) (Version: 3.6.1197.1031 - Ihr Firmenname)
ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - )
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation)
BootDreams (HKLM-x32\...\BootDreams) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CloudCompare 2.5.3 (HKLM\...\{4DE0A2C8-03F9-4B3F-BAFC-1D5F2141464B}_is1) (Version: 2.5.3 - Daniel Girardeau-Montaut)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3623 - CyberLink Corp.) Hidden
Cytoscape 2.8.2 (HKLM\...\5211-3645-3154-2580) (Version: 2.8.2 - Cytoscape Consortium)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DC++ 0.830 (HKLM-x32\...\DC++) (Version: 0.830 - Jacek Sieka)
doxygen 1.8.6 (HKLM\...\doxygen_is1) (Version: 1.8.6 - Dimitri van Heesch)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Earlybird 7.0 (x64 en-US) (HKLM\...\Earlybird 7.0 (x64 en-US)) (Version: 7.0 - Mozilla)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Git version 1.8.1.2-preview20130201 (HKLM-x32\...\Git_is1) (Version: 1.8.1.2-preview20130201 - The Git Development Community)
GnuWin32: Tiff-3.8.2-1 (HKLM-x32\...\Tiff-3.8.2-1_is1) (Version: 3.8.2-1 - GnuWin32)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
Java-Editor 11.15, 2012.05.21 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (HKLM-x32\...\{2222706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JetBrains PyCharm Community Edition 3.0.1 (HKLM-x32\...\PyCharm Community Edition 3.0.1) (Version: 131.339 - JetBrains s.r.o.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.4.8 - Hermann Schinagl)
Lua for Windows 5.1.4-46 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.46 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60130.00 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5294.17011 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MinGW-Get version 0.4-alpha-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.4-alpha-1 - MinGW)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{AF348C2E-7596-481B-92E0-B211836AB949}) (Version: 1.2.4 - Thorvald Natvig)
MySQL Installer (HKLM-x32\...\{7293D767-036E-46F2-960C-C017280D589E}) (Version: 1.0.19.0 - Oracle Corporation)
Nero 7 Essentials (HKLM-x32\...\{C3CF41F1-0373-4DD7-BE99-F33B00E51031}) (Version: 7.03.1084 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.1 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Python 2.7 numpy-1.8.0 (HKLM-x32\...\numpy-py2.7) (Version: - )
Python 2.7 scipy-0.13.0 (HKLM-x32\...\scipy-py2.7) (Version: - )
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Qt OpenSource 4.8.4 (HKLM-x32\...\Qt OpenSource 4.8.4 - C:_Qt_4.8.4) (Version: 4.8.4 - Digia Plc)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.013 - Samsung Electronics Co., Ltd.)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Secure Download Manager (HKLM-x32\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - Samsung Electronics Co., Ltd.)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strawberry Perl (64-bit) (HKLM\...\{61719A5F-6C9C-1014-8F19-DDB236F7176A}) (Version: 5.18.1001 - strawberryperl.com project)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
TortoiseSVN 1.7.6.22632 (64 bit) (HKLM\...\{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}) (Version: 1.7.22632 - TortoiseSVN)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB972221) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio Web Authoring Component (KB945140) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{F9DE79A2-9049-4589-9787-815147371581}) (Version: - Microsoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Assist X (HKLM-x32\...\Visual Assist X) (Version: - )
Visual C++ 2008 IA64 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148) (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Visual C++ 2008 x64 Runtime - (v9.0.30729.6161) (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Hidden
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM-x32\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM-x32\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161) (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
==================== Restore Points =========================
25-03-2014 09:16:56 Windows Update
28-03-2014 11:41:47 Windows Update
01-04-2014 11:14:53 Windows Update
04-04-2014 16:50:06 Windows Update
08-04-2014 08:10:14 Windows Update
08-04-2014 16:58:03 Installed Windows Phone app for desktop
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {13E94410-A5E3-427E-9C31-5CFCF92637D0} - System32\Tasks\{72D62FCB-5803-49CC-B3F7-A11C63D6F04C} => C:\Users\m4dguy\Desktop\UT2004_installed\System\Setup.exe
Task: {1C508EA7-F823-48C9-8EA8-690F1C80712A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {223618B8-C39A-40EF-AF25-AB5C2000B879} - System32\Tasks\{BFCA9E93-63F5-4911-8641-4CD8DB875344} => C:\Users\m4dguy\Desktop\Typing of the Dead\Tod_e.exe
Task: {443DE312-6DD8-43A8-A763-34F535FCC7E1} - System32\Tasks\{EE9EF005-C8D8-4CF6-BBC4-BB619F028DBC} => C:\Users\m4dguy\Desktop\Typing of the Dead\Tod_e.exe
Task: {4E270FE0-88B4-406D-B6D3-8C8A459A72F0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {8F5DED23-1A0A-46E6-817C-B4271E8FA9FA} - System32\Tasks\{0EE48E0C-C70C-49FA-9E00-C3DB60F94330} => C:\Users\m4dguy\Desktop\tmp\Xpadder5-3\Xpadder.exe [2009-03-21] ()
Task: {A40A9D5F-2E4E-45CC-8A65-8C6975400A89} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {A413D865-6555-4290-AB4B-AD0FE9E2305C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {ADB25F11-2CAF-41F9-9A30-7B5FB9496650} - System32\Tasks\{D2B5EBB8-C1F7-4F39-99EC-8E238A2DBE0B} => E:\Programme\Xpadder5-3\Xpadder.exe
Task: {B8812AEF-A834-45B0-83AC-34587FC7BFF0} - System32\Tasks\{FB4E6095-4388-4317-8CD4-DAAC0C5F679A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/abandoninstall?source=lightinstaller&page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {BE34B1F3-3F1C-481B-BC65-9235A271D65E} - System32\Tasks\{403890C9-8D69-4F0C-AC20-B88A3CE0C12C} => C:\Users\m4dguy\Desktop\WindowsXPInstalled\WindowsXPInstalled.exe
Task: {C1E406FE-7961-44C9-9F05-FE36D3C7599B} - System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754} => C:\Users\m4dguy\Desktop\msdos\v11object\EXE2BIN.EXE
Task: {C7FE56B9-A5A6-4EDB-8354-0E55BB48F8CA} - System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885} => C:\Users\m4dguy\Desktop\msdos\v11object\EXE2BIN.EXE
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2011-12-16 22:50 - 2009-08-27 11:25 - 00027648 _____ () C:\windows\System32\sst2cl6.dll
2012-02-02 15:32 - 2012-02-02 15:32 - 00018432 _____ () C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
2011-12-15 14:48 - 2011-12-15 14:48 - 00040960 _____ () C:\Users\m4dguy\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2012-03-08 20:45 - 2012-03-08 20:45 - 00088856 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2013-04-29 14:26 - 2013-02-01 10:27 - 00718322 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2011-04-15 07:28 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 05:20 - 2011-11-30 07:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 05:20 - 2011-11-30 07:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00934400 _____ () C:\Codeblocks\codeblocks.exe
2011-12-15 14:52 - 2011-10-17 10:36 - 00191488 _____ () C:\Program Files\Earlybird\NSLDAP32V60.dll
2011-12-15 14:52 - 2011-10-17 10:36 - 00018432 _____ () C:\Program Files\Earlybird\NSLDAPPR32V60.dll
2013-04-08 22:40 - 2013-04-08 21:24 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00582656 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00143096 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00535264 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00219305 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00055808 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00482872 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00095189 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
2011-12-15 01:48 - 2011-12-15 01:48 - 01213633 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00014574 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00007899 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00019058 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010860 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00008793 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00013528 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00007511 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00012665 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00012177 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010232 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00256017 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00073584 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00184224 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00011163 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00079922 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00301681 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00121476 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00088548 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00092138 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00096443 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2011-12-15 01:48 - 2011-12-15 01:48 - 00173805 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00149384 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2011-12-15 01:48 - 2011-12-15 01:48 - 02719062 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2011-12-15 01:48 - 2011-12-15 01:48 - 01206642 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00045348 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00017519 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00338072 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00018502 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00194434 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00014951 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00039509 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00014905 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00009126 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00022335 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00011669 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2012-09-09 15:17 - 2012-09-09 15:17 - 00472576 _____ () C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00023390 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010026 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010075 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010203 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00063229 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00019854 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00007162 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00010624 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00024487 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00024106 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00013589 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00017951 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00022901 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00023455 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00030333 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2011-12-15 01:50 - 2011-12-15 01:50 - 00036068 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2011-12-15 01:48 - 2011-12-15 01:48 - 00417501 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2012-02-14 16:35 - 2012-02-14 16:35 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2012-04-24 04:26 - 2012-04-24 04:26 - 00032768 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\1033\AMD CA ToolUI.dll
2012-04-24 04:26 - 2012-04-24 04:26 - 00532480 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\libOclt.dll
2012-04-24 04:25 - 2012-04-24 04:25 - 01233408 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\QtCore4.dll
2012-04-24 04:25 - 2012-04-24 04:25 - 04873728 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\QtGui4.dll
2012-04-24 04:25 - 2012-04-24 04:25 - 00260096 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\QtXml4.dll
2012-04-24 04:26 - 2012-04-24 04:26 - 00089600 _____ () C:\Program Files (x86)\AMD\CodeAnalyst\bin\CSSQuery.dll
2012-03-08 20:11 - 2012-03-08 20:11 - 00070424 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 04833280 _____ () C:\Codeblocks\codeblocks.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00418304 _____ () C:\Codeblocks\exchndl.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00114688 _____ () C:\Codeblocks\share\codeblocks\plugins\abbreviations.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00734208 _____ () C:\Codeblocks\share\codeblocks\plugins\astyle.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00095232 _____ () C:\Codeblocks\share\codeblocks\plugins\autosave.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00289792 _____ () C:\Codeblocks\share\codeblocks\plugins\AutoVersioning.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00266752 _____ () C:\Codeblocks\share\codeblocks\plugins\BrowseTracker.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00187904 _____ () C:\Codeblocks\share\codeblocks\plugins\byogames.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00115712 _____ () C:\Codeblocks\share\codeblocks\plugins\cb_koders.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00074240 _____ () C:\Codeblocks\share\codeblocks\plugins\Cccc.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00162816 _____ () C:\Codeblocks\share\codeblocks\plugins\classwizard.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00987136 _____ () C:\Codeblocks\share\codeblocks\plugins\codecompletion.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 01324032 _____ () C:\Codeblocks\share\codeblocks\plugins\codesnippets.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00120832 _____ () C:\Codeblocks\share\codeblocks\plugins\codestat.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 01671168 _____ () C:\Codeblocks\share\codeblocks\plugins\compiler.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00098816 _____ () C:\Codeblocks\share\codeblocks\plugins\copystrings.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00092672 _____ () C:\Codeblocks\share\codeblocks\plugins\CppCheck.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00151040 _____ () C:\Codeblocks\share\codeblocks\plugins\Cscope.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00578048 _____ () C:\Codeblocks\share\codeblocks\plugins\debugger.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00124416 _____ () C:\Codeblocks\share\codeblocks\plugins\defaultmimehandler.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00247808 _____ () C:\Codeblocks\share\codeblocks\plugins\devpakupdater.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00393728 _____ () C:\Codeblocks\share\codeblocks\plugins\DoxyBlocks.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00151040 _____ () C:\Codeblocks\share\codeblocks\plugins\DragScroll.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00143360 _____ () C:\Codeblocks\share\codeblocks\plugins\EditorTweaks.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00169984 _____ () C:\Codeblocks\share\codeblocks\plugins\envvars.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 02263040 _____ () C:\Codeblocks\share\codeblocks\plugins\Exporter.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00707072 _____ () C:\Codeblocks\share\codeblocks\plugins\FileManager.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00855552 _____ () C:\Codeblocks\share\codeblocks\plugins\headerfixup.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00905216 _____ () C:\Codeblocks\share\codeblocks\plugins\help_plugin.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00894976 _____ () C:\Codeblocks\share\codeblocks\plugins\HexEditor.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00118784 _____ () C:\Codeblocks\share\codeblocks\plugins\IncrementalSearch.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00233984 _____ () C:\Codeblocks\share\codeblocks\plugins\keybinder.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00449024 _____ () C:\Codeblocks\share\codeblocks\plugins\lib_finder.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00374272 _____ () C:\Codeblocks\wxflatnotebook.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00081920 _____ () C:\Codeblocks\share\codeblocks\plugins\MouseSap.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00969728 _____ () C:\Codeblocks\share\codeblocks\plugins\NassiShneiderman.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00084992 _____ () C:\Codeblocks\share\codeblocks\plugins\openfileslist.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00142848 _____ () C:\Codeblocks\share\codeblocks\plugins\Profiler.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00209920 _____ () C:\Codeblocks\share\codeblocks\plugins\projectsimporter.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00121344 _____ () C:\Codeblocks\share\codeblocks\plugins\RegExTestbed.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00118272 _____ () C:\Codeblocks\share\codeblocks\plugins\ReopenEditor.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00336896 _____ () C:\Codeblocks\share\codeblocks\plugins\scriptedwizard.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00644608 _____ () C:\Codeblocks\share\codeblocks\plugins\SpellChecker.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00138752 _____ () C:\Codeblocks\share\codeblocks\plugins\SymTab.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00314368 _____ () C:\Codeblocks\share\codeblocks\plugins\ThreadSearch.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00091136 _____ () C:\Codeblocks\wxcustombutton.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00205824 _____ () C:\Codeblocks\share\codeblocks\plugins\todo.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00267776 _____ () C:\Codeblocks\share\codeblocks\plugins\ToolsPlus.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00066048 _____ () C:\Codeblocks\share\codeblocks\plugins\wxsmith.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 02582016 _____ () C:\Codeblocks\wxsmithlib.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00671232 _____ () C:\Codeblocks\wxpropgrid.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00358400 _____ () C:\Codeblocks\share\codeblocks\plugins\wxSmithAui.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00195072 _____ () C:\Codeblocks\share\codeblocks\plugins\wxSmithContribItems.dll
2011-12-16 23:06 - 2011-10-30 08:27 - 00189440 _____ () C:\Codeblocks\wxchartctrl.dll
2011-12-16 23:06 - 2011-10-30 08:28 - 00073216 _____ () C:\Codeblocks\share\codeblocks\plugins\xpmanifest.dll
2014-03-19 12:37 - 2014-03-19 12:38 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 15:47 - 2014-03-12 15:47 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (04/09/2014 10:48:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/09/2014 10:47:15 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.
Error: (04/09/2014 10:47:15 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.
Error: (04/09/2014 00:37:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (04/09/2014 10:47:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/09/2014 10:47:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (04/09/2014 10:47:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/09/2014 10:47:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (04/09/2014 10:47:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/08/2014 06:53:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/08/2014 06:53:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SearchAnonymizer erreicht.
Error: (04/08/2014 06:52:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/08/2014 06:52:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (04/08/2014 06:52:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (04/09/2014 10:52:27 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (04/09/2014 10:48:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/09/2014 10:47:15 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: -1
Error: (04/09/2014 10:47:15 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:
Error: (04/09/2014 00:37:25 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.3\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.3\Tcl\bin64\tk85.dll9
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (04/08/2014 06:58:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 4010.14 MB
Available physical RAM: 1510.91 MB
Total Pagefile: 8018.46 MB
Available Pagefile: 4606.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:421.81 GB) (Free:315.87 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 43ED0BCF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
==================== End Of Log ============================
Vermutlich wäre es besser Avira zu entfernen, da es ohnehin nur Systembremse und Snake Oil ist. Gibt es noch Anmerkungen eurerseits? |
|
09.04.2014, 14:44
| #4 | |
| | TR/Crypt.XPACK.Gen2 entfernen? Hast nur etwas Adware. Zitat:
Schritt 1 Klicke bitte auf den Windowsbutton in der Taskleiste und dort auf "Systemsteuerung". Wenn du dort bist, gehe auf "Programme deinstallieren" unter "Programme". Hier kannst du nun folgende Programm deinstallieren.
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 ESET Online Scanner
Schritt 5 Starte noch einmal FRST.
Hast du nun irgendwelche Probleme? |
|
10.04.2014, 11:14
| #5 |
| | TR/Crypt.XPACK.Gen2 entfernen? Entschuldigung wegen der Verspätung. die Scans haben viel Zeit in Anspruch genommen. Soweit gab es keine Funde. Die Logs... AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 19:10:03
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : m4dguy - M4DGUY-PC
# Gestartet von : C:\Users\m4dguy\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\m4dguy\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\m4dguy\AppData\Roaming\OCS
Datei Gelöscht : C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_warning-forever_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_warning-forever_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2084 octets] - [09/04/2014 19:06:42]
AdwCleaner[S0].txt - [1963 octets] - [09/04/2014 19:10:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2023 octets] ##########
mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.04.2014 Suchlauf-Zeit: 20:20:58 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.09.07 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: m4dguy Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 280079 Verstrichene Zeit: 47 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0678bc76d7b93a4dbe5daba789bd0682
# engine=17817
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 11:02:35
# local_time=2014-04-10 01:02:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 139863 148714405 0 0
# scanned=519967
# found=0
# cleaned=0
# scan_time=15599
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by m4dguy (administrator) on M4DGUY-PC on 10-04-2014 12:09:40
Running from C:\Users\m4dguy\Desktop\Progamme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Advanced Micro Devices) C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Alcor) C:\windows\WebCam\S6000\S6000Mnt.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-30] (Lenovo)
HKLM-x32\...\Run: [S6000Mnt] - C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://easy.box/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: ReminderFox - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.96.7.100 134.96.7.5 134.96.7.99
FireFox:
========
FF ProfilePath: C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Disconnect - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\2.0@disconnect.me.xpi [2013-07-15]
FF Extension: Ghostery - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Grooveshark Unlocker - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-14]
FF Extension: Beef Taco (Targeted Advertising Cookie Opt-Out) - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\john@velvetcache.org.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-15]
FF Extension: Adblock Plus - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-15]
FF Extension: DownThemAll! - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-11-30]
==================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-04-07] (Emsisoft GmbH)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 CALoadService; C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe [66048 2012-04-24] (Advanced Micro Devices)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ReminderFoxUpdater; C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe [18432 2012-02-02] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-04-07] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 CAPROF; C:\windows\system32\drivers\CAPROF.sys [61648 2012-04-24] (Advanced Micro Devices)
R3 CAUTILITY; C:\windows\system32\drivers\CAUTILITY.sys [16080 2012-04-24] (Advanced Micro Devices)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-22] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
R2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U2 Stereo Service;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-10 12:09 - 2014-04-10 01:02 - 00000654 _____ () C:\Users\m4dguy\Desktop\eset.txt
2014-04-10 12:07 - 2014-04-10 12:08 - 00000000 ____D () C:\Users\m4dguy\Desktop\bafög
2014-04-10 10:36 - 2014-04-10 10:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\CellDetect
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 20:39 - 2014-04-09 20:39 - 00001148 _____ () C:\Users\m4dguy\Desktop\mbam.txt
2014-04-09 19:15 - 2014-04-09 19:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 19:15 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-09 19:15 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-09 19:15 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-09 19:12 - 2014-04-09 19:12 - 00002103 _____ () C:\Users\m4dguy\Desktop\AdwCleaner[S0].txt
2014-04-09 19:06 - 2014-04-09 19:10 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:05 - 2014-04-09 19:05 - 00000000 ____D () C:\windows\system32\IO
2014-04-09 16:36 - 2014-04-09 16:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\FLTK
2014-04-09 14:36 - 2014-04-09 16:04 - 00000000 ____D () C:\FLTK
2014-04-09 13:48 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-09 13:48 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-09 13:48 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-09 13:48 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 13:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 13:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 13:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 13:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 13:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 13:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 13:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 13:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 13:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 13:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 13:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 13:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-09 12:55 - 2014-04-10 12:09 - 00000000 ____D () C:\FRST
2014-04-09 12:48 - 2014-04-09 16:27 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:31 - 2014-04-09 12:32 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-08 18:58 - 2014-04-08 18:59 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:21 - 2014-04-08 15:24 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-07 20:36 - 2014-04-09 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 18:00 - 2014-04-07 18:26 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 16:58 - 2014-04-10 10:36 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-06 14:04 - 2014-04-06 14:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 11:58 - 2014-04-04 11:59 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-02 12:13 - 2014-04-04 12:30 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-03-31 11:07 - 2014-04-09 19:00 - 00001512 _____ () C:\windows\PFRO.log
2014-03-30 15:06 - 2014-04-10 10:34 - 00002667 _____ () C:\windows\setupact.log
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-19 12:37 - 2014-03-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-15 15:22 - 2014-03-15 15:24 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-13 23:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 23:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 23:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 23:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 23:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 23:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 23:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 23:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 23:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 23:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 23:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 23:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 23:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 23:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 23:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 23:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 23:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 23:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 23:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 23:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
==================== One Month Modified Files and Folders =======
2014-04-10 12:09 - 2014-04-09 12:55 - 00000000 ____D () C:\FRST
2014-04-10 12:09 - 2011-12-15 14:53 - 00000000 ___RD () C:\Users\m4dguy\Desktop\Progamme
2014-04-10 12:08 - 2014-04-10 12:07 - 00000000 ____D () C:\Users\m4dguy\Desktop\bafög
2014-04-10 12:04 - 2012-07-03 21:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 10:50 - 2013-04-06 09:23 - 02017218 _____ () C:\windows\WindowsUpdate.log
2014-04-10 10:42 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:42 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:40 - 2011-11-18 21:55 - 17807548 _____ () C:\windows\system32\perfh007.dat
2014-04-10 10:40 - 2011-11-18 21:55 - 05714174 _____ () C:\windows\system32\perfc007.dat
2014-04-10 10:40 - 2009-07-14 07:13 - 00006514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-10 10:36 - 2014-04-10 10:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\CellDetect
2014-04-10 10:36 - 2014-04-07 16:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-10 10:35 - 2012-04-17 15:31 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\TSVNCache
2014-04-10 10:35 - 2011-11-30 07:59 - 00553225 _____ () C:\windows\system32\fastboot.set
2014-04-10 10:34 - 2014-03-30 15:06 - 00002667 _____ () C:\windows\setupact.log
2014-04-10 10:34 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-10 01:02 - 2014-04-10 12:09 - 00000654 _____ () C:\Users\m4dguy\Desktop\eset.txt
2014-04-10 00:26 - 2011-12-17 20:10 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\.purple
2014-04-10 00:26 - 2011-12-15 19:05 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Skype
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 20:39 - 2014-04-09 20:39 - 00001148 _____ () C:\Users\m4dguy\Desktop\mbam.txt
2014-04-09 19:33 - 2014-04-07 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 19:15 - 2014-04-09 19:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 19:12 - 2014-04-09 19:12 - 00002103 _____ () C:\Users\m4dguy\Desktop\AdwCleaner[S0].txt
2014-04-09 19:10 - 2014-04-09 19:06 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:05 - 2014-04-09 19:05 - 00000000 ____D () C:\windows\system32\IO
2014-04-09 19:00 - 2014-03-31 11:07 - 00001512 _____ () C:\windows\PFRO.log
2014-04-09 17:03 - 2013-07-13 22:44 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 17:03 - 2011-12-15 14:53 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 16:36 - 2014-04-09 16:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\FLTK
2014-04-09 16:27 - 2014-04-09 12:48 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 16:27 - 2011-12-16 23:07 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\CodeBlocks
2014-04-09 16:04 - 2014-04-09 14:36 - 00000000 ____D () C:\FLTK
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:32 - 2014-04-09 12:31 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 11:38 - 2012-04-25 18:42 - 00000000 ____D () C:\Users\m4dguy\Documents\Visual Studio 2008
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-09 11:04 - 2011-12-17 20:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\Projekte
2014-04-08 18:59 - 2014-04-08 18:58 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:24 - 2014-04-08 15:21 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-07 19:45 - 2012-06-18 19:48 - 00000000 ___RD () C:\Users\m4dguy\Dropbox
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 19:16 - 2011-12-15 20:15 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Dropbox
2014-04-07 18:26 - 2014-04-07 18:00 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 17:57 - 2013-08-14 15:07 - 00000000 ____D () C:\Users\m4dguy\Desktop\Master
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-07 12:31 - 2011-12-26 13:21 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\vlc
2014-04-06 22:53 - 2011-12-15 20:23 - 00000000 ____D () C:\Users\m4dguy\Desktop\tmp
2014-04-06 14:06 - 2014-04-06 14:04 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 12:30 - 2014-04-02 12:13 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-04 12:28 - 2013-12-16 18:40 - 00000520 _____ () C:\Users\m4dguy\Desktop\en.dct
2014-04-04 11:59 - 2014-04-04 11:58 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-04 11:57 - 2014-02-16 22:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\adt-bundle-windows-x86_64-20131030
2014-04-03 09:51 - 2014-04-09 19:15 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 19:15 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 19:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-04-01 18:26 - 2011-12-15 20:16 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-31 22:37 - 2013-11-21 11:45 - 00000000 ____D () C:\Users\m4dguy\Desktop\eBay
2014-03-31 14:09 - 2011-12-15 21:18 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Notepad++
2014-03-31 03:16 - 2014-04-09 13:48 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:48 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:48 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:54 - 2013-06-03 12:30 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\inkscape
2014-03-30 12:54 - 2011-12-14 18:51 - 00000000 ____D () C:\Users\m4dguy
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-30 12:51 - 2011-12-15 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:59 - 2011-12-15 19:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-25 17:34 - 2011-12-21 13:40 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-21 14:55 - 2011-12-15 21:10 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-21 14:23 - 2011-12-19 18:14 - 00000000 ____D () C:\Users\m4dguy\.thumbnails
2014-03-19 18:42 - 2012-05-03 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 12:38 - 2014-03-19 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-16 01:25 - 2011-12-15 20:56 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\uTorrent
2014-03-16 01:25 - 2011-12-15 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-15 15:24 - 2014-03-15 15:22 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-15 13:11 - 2011-12-15 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 16:46 - 2009-07-14 06:45 - 00317872 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:03 - 2011-12-15 19:06 - 00000000 ____D () C:\Users\m4dguy\Documents\Youcam
2014-03-12 15:47 - 2012-07-03 21:25 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:47 - 2012-03-31 09:45 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:47 - 2011-12-14 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
Some content of TEMP:
====================
C:\Users\m4dguy\AppData\Local\Temp\avgnt.exe
C:\Users\m4dguy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpswlq.dll
C:\Users\m4dguy\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 00:18
==================== End Of Log ============================
--- --- --- |
|
10.04.2014, 12:47
| #6 |
| | TR/Crypt.XPACK.Gen2 entfernen? http://www.trojaner-board.de/152253-...ml#post1282525 ---------------- Noch etwas reste. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter () C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
BHO-x32: ReminderFox - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
R2 ReminderFoxUpdater; C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe [18432 2012-02-02] ()
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Starte noch einmal FRST.
|
|
10.04.2014, 12:56
| #7 |
| | TR/Crypt.XPACK.Gen2 entfernen? Ist erledigt. Das resultierende Log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by m4dguy (administrator) on M4DGUY-PC on 10-04-2014 13:53:30
Running from C:\Users\m4dguy\Desktop\Progamme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Advanced Micro Devices) C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Alcor) C:\windows\WebCam\S6000\S6000Mnt.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Mozilla Messaging) C:\Program Files\Earlybird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-30] (Lenovo)
HKLM-x32\...\Run: [S6000Mnt] - C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://easy.box/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.96.7.100 134.96.7.5 134.96.7.99
FireFox:
========
FF ProfilePath: C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Disconnect - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\2.0@disconnect.me.xpi [2013-07-15]
FF Extension: Ghostery - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Grooveshark Unlocker - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-14]
FF Extension: Beef Taco (Targeted Advertising Cookie Opt-Out) - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\john@velvetcache.org.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-15]
FF Extension: Adblock Plus - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-15]
FF Extension: DownThemAll! - C:\Users\m4dguy\AppData\Roaming\Mozilla\Firefox\Profiles\1gg30ooq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-11-30]
==================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-04-07] (Emsisoft GmbH)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 CALoadService; C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe [66048 2012-04-24] (Advanced Micro Devices)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-04-07] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 CAPROF; C:\windows\system32\drivers\CAPROF.sys [61648 2012-04-24] (Advanced Micro Devices)
R3 CAUTILITY; C:\windows\system32\drivers\CAUTILITY.sys [16080 2012-04-24] (Advanced Micro Devices)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-22] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U2 Stereo Service;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-10 12:07 - 2014-04-10 12:08 - 00000000 ____D () C:\Users\m4dguy\Desktop\bafög
2014-04-10 10:36 - 2014-04-10 10:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\CellDetect
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 19:15 - 2014-04-09 19:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 19:15 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-09 19:15 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-09 19:15 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-09 19:06 - 2014-04-09 19:10 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:05 - 2014-04-09 19:05 - 00000000 ____D () C:\windows\system32\IO
2014-04-09 16:36 - 2014-04-09 16:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\FLTK
2014-04-09 14:36 - 2014-04-09 16:04 - 00000000 ____D () C:\FLTK
2014-04-09 13:48 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-09 13:48 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-09 13:48 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-09 13:48 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 13:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 13:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 13:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 13:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 13:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 13:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 13:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 13:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 13:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 13:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 13:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 13:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 13:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-09 12:55 - 2014-04-10 13:53 - 00000000 ____D () C:\FRST
2014-04-09 12:48 - 2014-04-09 16:27 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:31 - 2014-04-09 12:32 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-08 18:58 - 2014-04-08 18:59 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:21 - 2014-04-08 15:24 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-07 20:36 - 2014-04-09 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 18:00 - 2014-04-07 18:26 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 16:58 - 2014-04-10 10:36 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-06 14:04 - 2014-04-06 14:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 11:58 - 2014-04-04 11:59 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-02 12:13 - 2014-04-04 12:30 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-03-31 11:07 - 2014-04-09 19:00 - 00001512 _____ () C:\windows\PFRO.log
2014-03-30 15:06 - 2014-04-10 12:27 - 00002779 _____ () C:\windows\setupact.log
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-19 12:37 - 2014-03-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-15 15:22 - 2014-03-15 15:24 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-13 23:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 23:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 23:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 23:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 23:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 23:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 23:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 23:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 23:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 23:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 23:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 23:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 23:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 23:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 23:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 23:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 23:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 23:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 23:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 23:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 23:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 23:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 23:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 23:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 23:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 23:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 23:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 23:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 23:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 23:25 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
==================== One Month Modified Files and Folders =======
2014-04-10 13:53 - 2014-04-09 12:55 - 00000000 ____D () C:\FRST
2014-04-10 13:53 - 2011-12-15 14:53 - 00000000 ___RD () C:\Users\m4dguy\Desktop\Progamme
2014-04-10 13:49 - 2011-12-17 20:10 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\.purple
2014-04-10 13:47 - 2012-07-03 21:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 13:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-10 13:07 - 2013-04-06 09:23 - 02018911 _____ () C:\windows\WindowsUpdate.log
2014-04-10 12:27 - 2014-03-30 15:06 - 00002779 _____ () C:\windows\setupact.log
2014-04-10 12:08 - 2014-04-10 12:07 - 00000000 ____D () C:\Users\m4dguy\Desktop\bafög
2014-04-10 10:42 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:42 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:40 - 2011-11-18 21:55 - 17807548 _____ () C:\windows\system32\perfh007.dat
2014-04-10 10:40 - 2011-11-18 21:55 - 05714174 _____ () C:\windows\system32\perfc007.dat
2014-04-10 10:40 - 2009-07-14 07:13 - 00006514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-10 10:36 - 2014-04-10 10:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\CellDetect
2014-04-10 10:36 - 2014-04-07 16:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-10 10:35 - 2012-04-17 15:31 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\TSVNCache
2014-04-10 10:35 - 2011-11-30 07:59 - 00553225 _____ () C:\windows\system32\fastboot.set
2014-04-10 10:34 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-10 00:26 - 2011-12-15 19:05 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Skype
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 19:33 - 2014-04-07 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 19:15 - 2014-04-09 19:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 19:10 - 2014-04-09 19:06 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:05 - 2014-04-09 19:05 - 00000000 ____D () C:\windows\system32\IO
2014-04-09 19:00 - 2014-03-31 11:07 - 00001512 _____ () C:\windows\PFRO.log
2014-04-09 17:06 - 2013-07-13 22:44 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 17:03 - 2011-12-15 14:53 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 16:36 - 2014-04-09 16:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\FLTK
2014-04-09 16:27 - 2014-04-09 12:48 - 00000000 ____D () C:\Users\m4dguy\Desktop\GUI
2014-04-09 16:27 - 2011-12-16 23:07 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\CodeBlocks
2014-04-09 16:04 - 2014-04-09 14:36 - 00000000 ____D () C:\FLTK
2014-04-09 12:33 - 2014-04-09 12:33 - 00000171 _____ () C:\Users\m4dguy\Desktop\thread.url
2014-04-09 12:32 - 2014-04-09 12:31 - 00000160 _____ () C:\Users\m4dguy\Desktop\Neue Internetverknüpfung.url
2014-04-09 11:38 - 2012-04-25 18:42 - 00000000 ____D () C:\Users\m4dguy\Documents\Visual Studio 2008
2014-04-09 11:28 - 2014-04-09 11:28 - 00602112 _____ (OldTimer Tools) C:\Users\m4dguy\Desktop\OTL.exe
2014-04-09 11:04 - 2011-12-17 20:06 - 00000000 ____D () C:\Users\m4dguy\Desktop\Projekte
2014-04-08 18:59 - 2014-04-08 18:58 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-04-08 18:57 - 2014-04-08 18:57 - 00000000 ____D () C:\ProgramData\Applications
2014-04-08 18:54 - 2014-04-08 18:54 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-08 15:27 - 2014-04-08 15:27 - 00009943 _____ () C:\Users\m4dguy\Desktop\distance.c
2014-04-08 15:24 - 2014-04-08 15:21 - 00000000 ____D () C:\Users\m4dguy\Desktop\DIC
2014-04-07 19:45 - 2012-06-18 19:48 - 00000000 ___RD () C:\Users\m4dguy\Dropbox
2014-04-07 19:44 - 2014-04-07 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\EurekaLab s.a.s
2014-04-07 19:16 - 2011-12-15 20:15 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Dropbox
2014-04-07 18:26 - 2014-04-07 18:00 - 00000000 ____D () C:\Users\m4dguy\Desktop\results
2014-04-07 17:57 - 2013-08-14 15:07 - 00000000 ____D () C:\Users\m4dguy\Desktop\Master
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\m4dguy\Documents\Anti-Malware
2014-04-07 12:31 - 2011-12-26 13:21 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\vlc
2014-04-06 22:53 - 2011-12-15 20:23 - 00000000 ____D () C:\Users\m4dguy\Desktop\tmp
2014-04-06 14:06 - 2014-04-06 14:04 - 00000000 ____D () C:\Users\m4dguy\Desktop\ex
2014-04-04 12:30 - 2014-04-02 12:13 - 00000267 _____ () C:\Users\m4dguy\Desktop\quotes.txt
2014-04-04 12:28 - 2013-12-16 18:40 - 00000520 _____ () C:\Users\m4dguy\Desktop\en.dct
2014-04-04 11:59 - 2014-04-04 11:58 - 00000000 ____D () C:\Users\m4dguy\Desktop\muenster
2014-04-04 11:57 - 2014-02-16 22:36 - 00000000 ____D () C:\Users\m4dguy\Desktop\adt-bundle-windows-x86_64-20131030
2014-04-03 09:51 - 2014-04-09 19:15 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 19:15 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 19:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-01 18:26 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\DropboxMaster
2014-04-01 18:26 - 2011-12-15 20:16 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-31 22:37 - 2013-11-21 11:45 - 00000000 ____D () C:\Users\m4dguy\Desktop\eBay
2014-03-31 14:09 - 2011-12-15 21:18 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\Notepad++
2014-03-31 03:16 - 2014-04-09 13:48 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:48 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:48 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-30 15:06 - 2014-03-30 15:06 - 00000000 _____ () C:\windows\setuperr.log
2014-03-30 12:54 - 2013-06-03 12:30 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\inkscape
2014-03-30 12:54 - 2011-12-14 18:51 - 00000000 ____D () C:\Users\m4dguy
2014-03-30 12:51 - 2014-03-30 12:51 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-30 12:51 - 2011-12-15 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 19:59 - 2014-03-26 19:59 - 00000000 ____D () C:\Users\m4dguy\AppData\Local\Skype
2014-03-26 19:59 - 2011-12-15 19:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-26 19:58 - 2014-03-26 19:58 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-26 19:58 - 2014-03-26 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 11:34 - 2014-03-26 11:34 - 00002972 _____ () C:\windows\System32\Tasks\{D1F67187-D06E-4AF6-B71B-2642A29D9885}
2014-03-26 11:33 - 2014-03-26 11:33 - 00002972 _____ () C:\windows\System32\Tasks\{B1D910A1-EE3D-4954-99F7-1C54F7DA1754}
2014-03-25 17:34 - 2011-12-21 13:40 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2014-03-21 14:55 - 2011-12-15 21:10 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-21 14:23 - 2011-12-19 18:14 - 00000000 ____D () C:\Users\m4dguy\.thumbnails
2014-03-19 18:42 - 2012-05-03 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 12:38 - 2014-03-19 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-16 01:25 - 2011-12-15 20:56 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\uTorrent
2014-03-16 01:25 - 2011-12-15 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-15 15:24 - 2014-03-15 15:22 - 00000000 ____D () C:\Users\m4dguy\AppData\Roaming\PearlMountain Image Converter
2014-03-15 13:11 - 2011-12-15 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 16:46 - 2009-07-14 06:45 - 00317872 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:45 - 2013-03-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:03 - 2011-12-15 19:06 - 00000000 ____D () C:\Users\m4dguy\Documents\Youcam
2014-03-12 15:47 - 2012-07-03 21:25 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:47 - 2012-03-31 09:45 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:47 - 2011-12-14 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:12 - 2014-03-11 20:12 - 00000000 ____D () C:\Program Files\CloudCompare
Some content of TEMP:
====================
C:\Users\m4dguy\AppData\Local\Temp\avgnt.exe
C:\Users\m4dguy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpswlq.dll
C:\Users\m4dguy\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 00:18
==================== End Of Log ============================
|
|
10.04.2014, 12:57
| #8 |
| | TR/Crypt.XPACK.Gen2 entfernen? Was ist mit der Fixlog.txt aus Schritt 1? |
|
10.04.2014, 13:00
| #9 |
| | TR/Crypt.XPACK.Gen2 entfernen? Entschuldigung, habe ich vergessen zu posten: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by m4dguy at 2014-04-10 13:52:58 Run:1
Running from C:\Users\m4dguy\Desktop\Progamme
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
() C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
BHO-x32: ReminderFox - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
R2 ReminderFoxUpdater; C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe [18432 2012-02-02] ()
*****************
[872] C:\Users\m4dguy\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe => Process closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} => Key deleted successfully.
ReminderFoxUpdater => Service deleted successfully.
==== End of Fixlog ====
|
|
10.04.2014, 14:38
| #10 |
| | TR/Crypt.XPACK.Gen2 entfernen? Wenn du kein neues Problem hast wären wir fertig. Updates Klicke nun auf den Windowsbutton in der Taskleiste und dort auf "Systemsteuerung". Wenn du dort bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java-Versionen. Falls du Java brauchst kannst du es wieder herunter laden:
Wenn du zufrieden bist, kannst du mir hier gerne danken. Ich sehe in deinen Logs nichts gefährliches mehr. Cleanup Die Reihenfolge ist hier entscheidend.
Tipps  Welches Antiviren-Programm soll ich nehmen?Es gibt kein Antiviren-Programm, dass alle Schädlinge findet und du kannst dich nicht 100%-ig auf das Programm verlassen. Es hängt immer noch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.
Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte außerdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.
Zusätzlich zu deinem Antiviren-Programm kannst du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im Gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.
Was sollte ich vor dem Runterladen beachten?
Sonstige Tipps
Wenn du das Trojaner-Board unterstützten willst, kannst du gerne Spenden. Ich wünsche dir noch eine schöne Zeit. |
|
| Themen zu TR/Crypt.XPACK.Gen2 entfernen? |
| avira, booten, desktop, dnsapi.dll, entfernen, home, log, lsass.exe, löschen, modul, neu, ntdll.dll, pmmupdate.exe, programm, prozesse, rundll, services.exe, software, starten, svchost.exe, temp, tr/crypt.xpack.gen, trojaner, warnung, windows, winlogon.exe, wmp, wuauclt.exe |
Linear-Darstellung
