Log analysis and evaluation: Run.dll - Modules damaged? - VPNs no longer work
Windows 7
12.04.2014, 20:01 | #1 |
Hello,

I recently found a strange process in Task Manager and ended it, then ran Malwarebytes and had it remove everything it found. Since then I get two messages at startup: "Run.dll nbpP wurde nicht gefunden Modul kann nicht gestartet werden" and "Run.dll C:\PROGRA~3\299219~1\fejrse1.cpp wurde nicht gefunden Modul kann nicht gestartet werden". I'm not sure right now whether I am quoting that exactly.

In any case, because of these errors VPN networks such as Hamachi or Tunngle can no longer be started, and I cannot manage my network adapters (when I try, it hangs).

Here are all the logs that are required according to the instructions:

Malwarebytes log:
Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2014/04/11 19:53:56 +0200</date> <log>mbam-log-2014-04-11 (19-44-11).xml</log> <isadmin>yes</isadmin> </header> <engine> <version>2.00.1.1004</version> <rules-database>v2014.04.11.11</rules-database> <swissarmy-database>v2014.03.27.01</swissarmy-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 8</osversion> <arch>x64</arch> <username>Laptop</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>273588</objects> <time>576</time> <processes>0</processes> <modules>0</modules> <keys>31</keys> <values>2</values> <datas>4</datas> <folders>0</folders> <files>19</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <shuriken>enabled</shuriken> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0049040.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1ef968c167148fa7f20147468281629e</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0049040.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1601e247324962d4c132e3aa41c2bf41</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0049040.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>74a3d4554a3130066093f19c3ec511ef</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0049040.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>4dca1c0d304ba492f8fbf895cc37b848</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>e0372603d7a4f541ddf8692fab589b65</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\Torntv V7.0</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>001789a024577bbbbffbceaa976b6f91</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\AARTEMISSOFTWARE\aartemishp</path><vendor>PUP.Optional.Aartemis.A</vendor><action>success</action><hash>5abdb3761d5ead89e623205950b2a55b</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0049040.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b7609198d0ab999dbf34c2cb778ced13</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0049040.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b6614fda66152b0b05eed6b7ec1722de</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0049040.Sandbox</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c94e31f867149a9c3db68b02a85b6898</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0049040.Sandbox.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f91e90990a71f24405eea6e7bd466a96</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>031452d7057644f21cb9039521e2926e</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>51c69b8ecfac181e4c165d3124df22de</hash></key> 
<key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>24f3d554700bd0664757f2af748fd12f</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V7.0</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>7f9861c87605b77fde515d14dd256a96</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>df388c9d2f4c54e27955f97d758d25db</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>ae69f633d8a3e74f4ebbe4a9659e22de</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d93e1910fd7ee05632c2c2cbc43f45bb</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>45d21e0bc6b5e94d3abcdbb260a38c74</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> 
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444904440}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455905540}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466906640}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455905540}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466906640}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444904440}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> 
<key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <key><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411901140}</path><vendor>PUP.Optional.CrossRider.M</vendor><action>success</action><hash>b760c5646417033338d81e0410f48a76</hash></key> <value><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0L1K1I1U1StM0U1J</valuedata><hash>ae69f633d8a3e74f4ebbe4a9659e22de</hash></value> <value><path>HKU\S-1-5-21-2711123623-1081707494-582655949-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>11111111</valuedata><hash>45d21e0bc6b5e94d3abcdbb260a38c74</hash></value> <data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.Aartemis</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9</baddata><gooddata>iexplore.exe</gooddata><hash>d4439b8e3d3ece68b09f859a5fa531cf</hash></data> <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>1cfb7cad84f71b1bf04e66b9d2327987</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.Aartemis</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9</baddata><gooddata>iexplore.exe</gooddata><hash>4dca7aafcdaece6875da5dc2e32132ce</hash></data> <data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>c45323063a41d85ea39bad72d43059a7</hash></data> <file><path>C:\ProgramData\2992199F9A\fejrse1.cpp</path><vendor>Trojan.FakeMS.SVSGen</vendor><action>success</action><hash>3add64c50b70ef47ea62f172b24f4db3</hash></file> <file><path>C:\ProgramData\2992199F9A\Ppbn.faa</path><vendor>Trojan.FakeMS</vendor><action>delete-on-reboot</action><hash>9b7c9a8f0c6f22146cd079f0649d3ec2</hash></file> <file><path>C:\ProgramData\2992199F9A\1esrjef.faa</path><vendor>Trojan.FakeMS</vendor><action>success</action><hash>50c73eeb5f1c0036063688e1be4307f9</hash></file> 
<file><path>C:\Users\Laptop\AppData\Local\Temp\utt8274.tmp.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>c156c2679fdc69cd511165b11ee33fc1</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\nsiA2A3.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>71a645e49fdcd1651e08dd3b12ef3dc3</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\nsoE412.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>da3da683750604320620ef292ed3d927</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\DeltaTB.exe</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>bd5af534255611251fa50bf4f30d8a76</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\nsyDE90.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>47d06fbaee8d7cba95917c9c60a127d9</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\Low\nbpP.dll</path><vendor>Trojan.FakeMS.SVSGen</vendor><action>success</action><hash>b85f0326accf1e18f25a422135cc51af</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\{02312170-B41E-4E4D-ACA6-FC3CD9D20386}\Addons\assistant_v3.exe</path><vendor>PUP.Optional.SProtect.A</vendor><action>success</action><hash>35e270b9e39882b4535a36ec48b937c9</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\{02312170-B41E-4E4D-ACA6-FC3CD9D20386}\Addons\helper_setup.exe</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>e03746e3dc9ff73f8b2f48e31de453ad</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\fullpackage_temp1385237964\tmp\eGdpSvc.exe</path><vendor>PUP.Optional.Wsys.A</vendor><action>success</action><hash>2bec042533489f97ce41968a47ba56aa</hash></file> <file><path>C:\Users\Laptop\AppData\Local\Temp\is643178083\171268361_stp\BuzzSearchSetup.exe</path><vendor>PUP.Optional.BuzzSearch.A</vendor><action>success</action><hash>30e742e787f4c76f4108d6dab350748c</hash></file> 
<file><path>C:\Users\Laptop\AppData\Local\Temp\is643178083\171268454_stp\cor_aartemis.exe</path><vendor>PUP.Optional.Aartemis.A</vendor><action>success</action><hash>8d8acf5a7efd06309df5a18da95835cb</hash></file> <file><path>C:\Windows\Tasks\Torntv V7.0-chromeinstaller-dev.job</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>5fb801283447181e08b43048ae5457a9</hash></file> <file><path>C:\Windows\Tasks\Torntv V7.0-codedownloader.job</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>f324c8612d4e0a2c328a2751ef137d83</hash></file> <file><path>C:\Windows\Tasks\Torntv V7.0-enabler.job</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>17005ccd81fa04321f9df68261a1fd03</hash></file> <file><path>C:\Windows\Tasks\Torntv V7.0-firefoxinstaller.job</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>3bdc54d54e2d142235876f09f90913ed</hash></file> <file><path>C:\Windows\Tasks\Torntv V7.0-updater.job</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>1ff83eeb5b20a78f56663f396c96bf41</hash></file> </items> </mbam-log> Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:51 on 12/04/2014 (Laptop)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-

Note: FRST hung on the file SA.DAT during the scan.

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01 Ran by Laptop (administrator) on RENOPP-LAPTOP on 12-04-2014 20:14:48 Running from C:\Users\Laptop\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) 
C:\Windows\RfBtnSvc64.exe (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe () C:\Users\Laptop\Downloads\Defogger.exe (Arobas Music) C:\Program Files (x86)\Guitar Pro 5\GP5.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2711123623-1081707494-582655949-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-11] (NVIDIA Corporation) Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1esrjef.lnk ShortcutTarget: 1esrjef.lnk -> C:\PROGRA~3\299219~1\fejrse1.cpp (No File) Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ppbn.lnk ShortcutTarget: Ppbn.lnk -> nbpP.dll,work (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.aartemis.com/web/?type=ds&ts=1385237976&from=cor&uid=WDCXWD10JPVT-22A1YT0_WD-WXC1E32AXLL9AXLL9&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {11B214FB-9E94-405C-A122-D6F143206117} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {11B214FB-9E94-405C-A122-D6F143206117} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {11B214FB-9E94-405C-A122-D6F143206117} URL = BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Movie2kDownloader - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) 
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3937512 2012-10-04] (INCA Internet Co., Ltd.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-13] (Dritek System INC.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) S2 Winmgmt; C:\PROGRA~3\2992199F9A\Ppbn.faa [X] ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-02-10] (DT Soft Ltd) S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-02-26] (LogMeIn Inc.) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-13] (Dritek System Inc.) 
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-12 19:54 - 2014-04-12 20:14 - 00011081 _____ () C:\Users\Laptop\Downloads\Addition.txt 2014-04-12 19:53 - 2014-04-12 20:14 - 00011495 _____ () C:\Users\Laptop\Downloads\FRST.txt 2014-04-12 19:53 - 2014-04-12 19:53 - 00000000 ____D () C:\FRST 2014-04-12 19:52 - 2014-04-12 19:52 - 02157568 _____ (Farbar) C:\Users\Laptop\Downloads\FRST64.exe 2014-04-12 19:51 - 2014-04-12 19:51 - 00050477 _____ () C:\Users\Laptop\Downloads\Defogger.exe 2014-04-12 19:51 - 2014-04-12 19:51 - 00000544 _____ () C:\Users\Laptop\Downloads\defogger_disable.log 2014-04-12 19:51 - 2014-04-12 19:51 - 00000168 _____ () C:\Users\Laptop\defogger_reenable 2014-04-12 19:41 - 2014-04-12 19:51 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Tunngle 2014-04-12 19:41 - 2014-04-12 19:41 - 00000955 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk 2014-04-12 19:41 - 2014-04-12 19:41 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2014-04-12 19:41 - 2014-04-12 19:41 - 00000000 ____D () C:\Users\Laptop\Documents\Tunngle 2014-04-12 19:41 - 2014-04-12 19:41 - 00000000 ____D () C:\ProgramData\Tunngle 2014-04-12 19:41 - 2014-04-12 19:41 - 00000000 ____D () C:\Program Files (x86)\Tunngle 2014-04-12 19:41 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys 2014-04-12 19:38 - 2014-04-12 19:38 - 00000890 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-04-12 19:38 - 2014-04-12 19:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-04-12 19:32 - 2014-04-12 19:32 - 04055968 _____ (Tunngle.net GmbH ) C:\Users\Laptop\Downloads\Tunngle_Setup_v4.5.1.4b.exe 2014-04-12 13:51 - 
2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-12 13:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-12 13:22 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-12 13:22 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-12 13:22 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-12 13:22 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-12 13:22 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-12 13:22 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-12 13:22 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 13:22 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-12 13:22 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-12 13:22 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 13:22 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-12 13:22 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-12 13:22 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-12 13:22 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-12 13:22 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-12 13:22 
Thank you very much in advance, and if I have forgotten anything, please let me know.
Best regards, Renopp |
12.04.2014, 21:16 | #2 | |
| Run.dll - Modules damaged? - VPNs no longer work
Quote:
|
18.04.2014, 14:24 | #3 |
/// the machine /// TB instructor | Run.dll - Modules damaged? - VPNs no longer work
No more problems?
__________________ |