|
Pests of all kinds and how to fight them: Is widevinecdmadapter.dll dangerous? Windows 7 |
15.05.2014, 09:18 | #1 |
| Is widevinecdmadapter.dll dangerous? Hi, for some time now I have had the "problem" that when I start the browser, a message from Norton Security occasionally appears showing that widevinecdmadapter.dll was downloaded and classified as safe. My question now is whether this file really is safe or whether it is harmful to my PC after all. Regards, Thomas |
15.05.2014, 11:04 | #2 |
/// the machine /// TB trainer | Is widevinecdmadapter.dll dangerous? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
15.05.2014, 13:25 | #3 |
| Is widevinecdmadapter.dll dangerous? FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Thomas (administrator) on THOMAS-HP on 15-05-2014 14:18:16 Running from C:\Users\Thomas\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe () C:\Program Files\Rainmeter\Rainmeter.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] () HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4240377317-2580135182-2221074664-1001\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd) HKU\S-1-5-21-4240377317-2580135182-2221074664-1001\...\Run: [Google Update] => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-09] (Google Inc.) 
HKU\S-1-5-21-4240377317-2580135182-2221074664-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-18] (AMD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - DefaultScope {FA88498B-E5A1-49F1-8F5C-6EC89AAE1FB6} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - DefaultScope {FA88498B-E5A1-49F1-8F5C-6EC89AAE1FB6} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN27584878021427256&UM=2 SearchScopes: HKCU - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = SearchScopes: HKCU - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {DB6A597B-B576-4AAD-A5F8-8ED658837C60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKCU - {FA88498B-E5A1-49F1-8F5C-6EC89AAE1FB6} URL = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN27584878021427256&UM=2 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows 
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-12-02] (EasyBits Software Corp.) Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll () FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft 
Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml FF Extension: HDvid Codec - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17] FF Extension: Torntv 3 - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28] CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09] CHR Extension: (Norton 
Identity Safe for Google Chrome™) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12] CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09] CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09] CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04] CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-04-28] CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01] CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [2014-05-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-12] () R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.) 
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-21] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-01-14] (<Turtle Entertainment>) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140514.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.) 
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140514.034\ENG64.SYS [126040 2013-08-29] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140514.034\EX64.SYS [2099288 2013-08-29] (Symantec Corporation) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] () S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-15 14:18 - 2014-05-15 14:18 - 00017410 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-05-15 14:17 - 2014-05-15 14:17 - 02066944 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-05-15 00:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2014-05-15 00:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 00:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 00:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 23:00 - 2014-05-14 23:53 - 00000000 ____D () C:\Users\Thomas\Desktop\Daylight-SKIDROW 2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent 2014-05-14 10:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 10:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 10:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 10:47 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 10:47 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 10:47 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2014-05-14 10:47 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 10:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 10:47 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 10:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 
2014-05-14 10:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 10:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 10:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 00:02 - 2014-05-14 00:58 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar 2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip 2014-05-13 12:56 - 
2014-05-13 12:56 - 00013804 _____ () C:\Users\Thomas\Downloads\dishonor.zip 2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt 2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks 2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent 2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log 2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe 2014-05-10 10:51 - 2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player 2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 
2014-05-10 10:45 - 2014-05-10 10:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-05-10 10:28 - 2014-05-10 10:28 - 00041935 _____ () C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent 2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent 2014-05-09 14:40 - 2014-05-09 14:40 - 00000000 ____D () C:\Users\Thomas\AppData\Local\WebPlayer 2014-05-09 14:38 - 2014-05-09 14:38 - 00236936 _____ () C:\Users\Thomas\Downloads\Silent_Hill_2_www_downloader-dd2a24Jw.exe 2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar 2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar 2014-05-08 12:50 - 2014-05-08 12:59 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar 2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse 2014-05-08 09:08 - 2014-05-08 09:09 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe 2014-05-06 20:55 - 2014-05-15 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip 2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip 2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) 
C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe
2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt
2014-05-04 13:48 - 2014-05-04 13:52 - 166667606 _____ () C:\Users\Thomas\Downloads\TrailerVARO2.MP4
2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent
2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar
2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33}
2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe
2014-05-02 12:37 - 2014-05-02 12:39 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip
2014-05-02 11:56 - 2014-05-14 20:17 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft
2014-05-02 09:52 - 2014-05-02 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-29 20:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 20:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-29 20:53 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 20:53 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 20:53 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 20:53 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 20:53 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 20:53 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 20:53 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 20:53 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 20:53 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 20:53 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 20:53 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 20:53 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 20:53 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 20:53 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 20:53 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-29 20:53 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 20:53 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-29 20:53 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 20:53 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 20:53 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 20:53 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-29 20:53 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 20:53 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 20:53 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 20:53 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-29 20:53 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-29 20:53 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-29 20:53 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 20:53 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 20:53 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 20:53 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 20:53 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-29 20:53 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 20:53 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 20:53 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-29 20:53 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-29 20:53 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 20:53 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 20:53 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 20:53 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-29 20:53 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 20:53 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 18:56 - 2013-05-15 08:22 - 00937984 _____ () C:\Windows\system32\rads.dll
2014-04-18 15:58 - 2014-04-26 11:22 - 00000000 ____D () C:\Users\Thomas\Desktop\IWBT8b
2014-04-18 09:58 - 2014-04-18 09:58 - 00000000 ____D () C:\Users\Thomas\aTubeCatcher
2014-04-18 09:57 - 2014-04-18 09:57 - 00001192 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-18 09:57 - 2014-04-18 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher

==================== One Month Modified Files and Folders =======

2014-05-15 14:18 - 2014-05-15 14:18 - 00017410 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-05-15 14:18 - 2013-07-19 16:01 - 00000000 ____D () C:\FRST
2014-05-15 14:17 - 2014-05-15 14:17 - 02066944 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-05-15 14:03 - 2012-11-09 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job
2014-05-15 13:35 - 2012-05-01 00:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 11:28 - 2014-02-06 21:28 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-05-15 08:41 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 08:41 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 08:40 - 2010-12-02 02:12 - 01381532 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 08:37 - 2013-02-10 02:00 - 00054887 _____ () C:\Windows\setupact.log
2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 08:32 - 2014-05-06 20:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 00:08 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 00:08 - 2012-05-01 00:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 00:06 - 2012-05-15 16:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\BitTorrent
2014-05-14 23:53 - 2014-05-14 23:00 - 00000000 ____D () C:\Users\Thomas\Desktop\Daylight-SKIDROW
2014-05-14 23:00 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent
2014-05-14 20:39 - 2012-10-01 19:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-05-14 20:17 - 2014-05-02 11:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft
2014-05-14 20:03 - 2012-11-09 17:55 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job
2014-05-14 13:43 - 2012-05-19 19:24 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PMB Files
2014-05-14 10:37 - 2013-02-10 01:19 - 00069088 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-14 10:36 - 2013-02-11 17:44 - 04858760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 00:58 - 2014-05-14 00:02 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar
2014-05-14 00:55 - 2010-12-02 02:37 - 00699876 _____ () C:\Windows\system32\perfh007.dat
2014-05-14 00:55 - 2010-12-02 02:37 - 00149758 _____ () C:\Windows\system32\perfc007.dat
2014-05-14 00:55 - 2009-07-14 07:13 - 01622022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip
2014-05-13 12:56 - 2014-05-13 12:56 - 00013804 _____ () C:\Users\Thomas\Downloads\dishonor.zip
2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-12 17:06 - 2013-06-30 08:37 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt
2014-05-12 08:39 - 2012-07-20 19:08 - 00000000 ____D () C:\Users\Thomas\Documents\My Games
2014-05-12 08:39 - 2012-06-05 23:41 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SKIDROW
2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks
2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent
2014-05-11 23:06 - 2012-05-01 00:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS
2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios
2014-05-11 22:24 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 19:47 - 2012-05-01 00:04 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TS3Client
2014-05-11 17:48 - 2012-05-19 19:24 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent
2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log
2014-05-11 11:09 - 2012-06-25 13:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2014-05-11 11:07 - 2013-02-11 17:44 - 00682630 _____ () C:\Windows\PFRO.log
2014-05-10 11:11 - 2013-07-07 20:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe
2014-05-10 10:52 - 2012-06-25 13:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-10 10:51 - 2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2014-05-10 10:50 - 2012-06-25 13:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-05-10 10:47 - 2012-06-25 13:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-10 10:47 - 2012-04-30 23:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Adobe
2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2014-05-10 10:45 - 2014-05-10 10:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-10 10:28 - 2014-05-10 10:28 - 00041935 _____ () C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent
2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent
2014-05-09 14:40 - 2014-05-09 14:40 - 00000000 ____D () C:\Users\Thomas\AppData\Local\WebPlayer
2014-05-09 14:38 - 2014-05-09 14:38 - 00236936 _____ () C:\Users\Thomas\Downloads\Silent_Hill_2_www_downloader-dd2a24Jw.exe
2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar
2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar
2014-05-09 08:14 - 2014-05-14 10:47 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 10:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:58 - 2012-11-09 17:55 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA
2014-05-08 19:58 - 2012-11-09 17:55 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core
2014-05-08 12:59 - 2014-05-08 12:50 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar
2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse
2014-05-08 09:09 - 2014-05-08 09:08 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe
2014-05-07 21:39 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip
2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-06 06:40 - 2014-05-15 00:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 00:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 00:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 00:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip
2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe
2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt
2014-05-04 13:52 - 2014-05-04 13:48 - 166667606 _____ () C:\Users\Thomas\Downloads\TrailerVARO2.MP4
2014-05-04 11:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent
2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar
2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-02 22:57 - 2012-10-01 19:15 - 00000000 ____D () C:\ProgramData\Skype
2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33}
2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe
2014-05-02 12:39 - 2014-05-02 12:37 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip
2014-05-02 12:01 - 2012-05-06 12:39 - 00000000 ____D () C:\Users\Thomas\Desktop\.minecraft
2014-05-02 11:44 - 2014-05-02 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 06:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-26 11:22 - 2014-04-18 15:58 - 00000000 ____D () C:\Users\Thomas\Desktop\IWBT8b
2014-04-20 19:10 - 2013-01-31 17:14 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-04-18 16:59 - 2013-10-11 18:35 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Battle.net
2014-04-18 16:40 - 2013-05-26 12:36 - 00000000 ____D () C:\Users\Thomas\Documents\StarCraft II
2014-04-18 16:24 - 2013-05-26 12:36 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-04-18 16:21 - 2013-12-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-18 16:20 - 2012-06-14 17:28 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-18 09:58 - 2014-04-18 09:58 - 00000000 ____D () C:\Users\Thomas\aTubeCatcher
2014-04-18 09:58 - 2012-04-30 23:06 - 00000000 ____D () C:\Users\Thomas
2014-04-18 09:57 - 2014-04-18 09:57 - 00001192 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-18 09:57 - 2014-04-18 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-04-18 09:57 - 2012-05-04 16:25 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-04-16 12:52 - 2012-05-01 04:02 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-16 12:52 - 2012-05-01 04:01 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2014-05-14 10:47] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 00:48

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014 Ran by Thomas at 2014-05-15 14:24:28 Running from C:\Users\Thomas\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton 360 Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated) Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) 
Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.2.202.233 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems 
Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.2 - Frictional Games) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft Montreal) aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp) aTube Toolbar (HKLM-x32\...\atube) (Version: 1.0.0.12 - ) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - BestGameEver) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE) Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games) BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games) BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30739 - BitTorrent Inc.) Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Counter-Strike Global Offensive Beta - Dedicated Server (HKLM-x32\...\Steam App 740) (Version: - ) Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version: - ) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dishonored (HKLM-x32\...\Dishonored_is1) (Version: - ) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - ) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Bethesda Softworks) FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) FIFA 12 (c) EA version 1 (HKLM-x32\...\FIFA 12 (c) EA_is1) (Version: 1 - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) From Dust (HKLM-x32\...\{578485F8-60F3-4C61-9183-0698E581B902}) (Version: 1.0.0 - Ubisoft) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Gyazo 1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Toshiyuki Masui) Haunted Memories (HKLM-x32\...\Steam App 241640) (Version: - MadMan Theory Games) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP Game Console (x32 Version: - WildTangent) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard) HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard) HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard) HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{319E272A-B5DB-4939-99D0-1F1F0C55699E}) (Version: 5.0.11.16 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 
5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle) Java(TM) 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle) JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games) LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden Logitech Gaming Software 8.20 (HKLM\...\Logitech Gaming Software) (Version: 8.20.74 - Logitech Inc.) 
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.1 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.1 - Red Giant Software) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
MATLAB Component Runtime 7.7 (HKLM-x32\...\{7AF35DB0-6833-4780-95AA-5FE2904D51A1}) (Version: 7.7 - The MathWorks)
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
MKVToolNix 6.7.0 [20140102-565] (HKLM-x32\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
My Game Long Name (HKLM\...\UDK-7e86ae0f-5ddd-4b03-9aaa-827f3bb19b96) (Version: - Epic Games, Inc.)
Nether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)
Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Wizard 2012.2.0 (HKLM-x32\...\PC Wizard 2012_is1) (Version: - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.2 r1116 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version: - )
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TERA (HKLM-x32\...\{A2S166A0-F031-4E27-A057-C69733219434}_is1) (Version: 19.04.02.03.hf3 - Gameforge Productions GmbH)
The Walking Dead (c) 3 version 1 (HKLM-x32\...\The Walking Dead (c) 3_is1) (Version: 1 - )
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
TZAC ANTICHEAT 2 (HKLM-x32\...\TZAC ANTICHEAT) (Version: 2 - Tomislav Zubcic)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Universal AntiCheat 3 v1.081 r2 (HKLM-x32\...\{99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1) (Version: - DExUS)
Vegas Pro 10.0 (64-bit) (HKLM\...\{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}) (Version: 10.0.738 - Sony)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
XSplit (HKLM-x32\...\{70184743-6B98-4DEA-A847-9B8B3F6F56ED}) (Version: 1.1.1209.0601 - SplitMediaLabs)
ZoomEx (HKLM\...\{3CAA8F9F-F843-4DAC-AF47-B061E749AD69}) (Version: 1.0 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

12-05-2014 22:00:01 Geplanter Prüfpunkt
14-05-2014 22:06:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-20 13:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0506CAFF-B409-4CB7-9C39-55CE64F1FD60} - System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {0E8042EE-45B0-4866-9016-71175193D4B4} - System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {10D6D9B7-E6B8-4A8B-B180-319FB42FAB7A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {142A4635-F749-4CB4-A82F-B3457937DBEE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {19A7BC0E-E671-4C94-B92A-3AD32219D38B} - System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {1E0AF271-83CB-4C42-95BD-A14E8F59FEBF} - System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {353749CA-12D1-4691-82F6-204DD655FA56} - System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {4877E900-016A-4FD2-9415-D6FDA891C975} - System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {4F458284-799F-449E-BC69-2FD5D7403BBC} - System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33} => Chrome.exe hxxp://ui.skype.com/ui/0/4.1.0.179.161/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {53266036-4171-40EF-A73A-170046BE3C2F} - System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {5A2CD3B8-203E-4FF2-90A9-5CBAB5E33EC3} - System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {5B7A5AFC-95E9-4AEC-89EF-3F65D526A255} - System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335} => G:\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {5C50A6BB-7F85-4751-825E-09CAE0AE2500} - System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {664A0DA9-AA9C-48A4-9EA0-CA629FEC1225} - System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe
Task: {7023A11B-3C1C-42B8-8380-444B92AE111E} - System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {7CC9AAFA-494A-44A0-985E-212607EDD13A} - System32\Tasks\{3541458F-6A3A-47DE-9A59-5B4D5FBED56B} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.161/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {7E76DBD0-DF74-4629-B4ED-7648F85365A0} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7FFEF84E-68C7-4B23-85CB-BF373785296C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {85928B67-E76B-4393-84BA-89A6083B3516} - System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {8A54ED3B-2604-4108-B7BB-CD1D12518FE7} - System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F} => C:\Program Files (x86)\Metro Last Light\MetroLL.exe
Task: {8CD92F97-2F1C-401F-B104-AD875D60C44D} - System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {90CCF17C-FDE3-45F4-B7B1-149767426907} - System32\Tasks\{62FF4330-6143-4217-82E5-E41BC134C85E} => Chrome.exe
Task: {94371FF7-BB38-4A2C-9B5C-AEEE893A1927} - System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {9B5B95D8-C095-4929-A269-1324C7705EE2} - System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {A34EEE9B-660B-409A-9F2C-106405F0FFAE} - System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD} => G:\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {ADCB2EC0-A8D6-4DFF-8334-00F4BAF88946} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B4342D9F-89B1-4174-900B-8458659A22A7} - System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {B443C4D4-2F2C-4620-B5D1-C6C8884764DE} - System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {B4D3C018-C956-4833-9753-5831BF9F6897} - System32\Tasks\RunAsStdUser Task => C:\Users\Thomas\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTION
Task: {B935756A-19FD-40D2-B861-7992CCD0EBFE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {B95D05AC-7D77-4191-8556-310794DF53A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2010-06-11] (Hewlett-Packard Company)
Task: {B9ACD865-1CB7-475B-B4ED-393EE2BDD1CD} - System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {BCD4A7D1-1E8F-459D-B4DA-EBB425D04AC1} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {C1025E50-1FA6-479E-B0EC-A0827B107BCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {C31769DC-7D4C-4EE3-9E42-173936669B88} - System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {C3ED11FF-B035-4C06-AA12-E761E82C3CC8} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {C45BEC25-938B-470E-A263-71EFA89A6586} - System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {C7E0359F-DFCB-4997-A59D-13A85664C928} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C8FC9037-E815-4AD1-8E30-EE510BE21661} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {CDB18136-A53E-4E33-80C7-019561BCB908} - System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {CEE6DC7A-B929-4C11-8F50-37E40C8124A8} - System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe
Task: {D432A645-12DD-4F5D-8E6E-5C13950A4C09} - System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {D587C4C9-2802-4461-98C5-F7E342324E3D} - System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe
Task: {DD02B20C-DCAF-4A08-90A0-2C5250E4CD35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31] (Adobe Systems Incorporated)
Task: {DEF3182D-F2E7-4D6F-A9F3-754FB140F5AB} - System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8} => G:\Counter-Strike 1.6 Mini\hl.exe
Task: {E17173A3-FF46-46DC-BF6A-DFE3DF7805DF} - System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {E43D9B6C-A128-4114-BD55-5A07D82C0B28} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E5516DA9-59FB-4EE3-9528-3AB55B56E25B} - System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {E66B2770-2F36-4C33-B732-DCC188B000E1} - System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {E9DA47F3-A900-4C32-A976-0052ED2EDE14} - System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {EEA01C15-293D-40B8-8A80-2DD1D785011D} - System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {F1F695C3-8F31-4F85-9A04-F7CCDCB66B66} - System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455} => C:\Program Files (x86)\Metro Last Light\MetroLL.exe
Task: {F5B14410-26A3-4B68-9D45-0863540AB0FD} - System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe
Task: {FA490460-1196-4031-A312-F85D5F59834B} - System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: {FC8B9057-7BA1-48A2-8EF7-B356680AB92A} - System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-30 17:03 - 2013-06-11 11:52 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2012-09-30 17:03 - 2013-07-09 13:12 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2012-05-01 04:01 - 2014-02-21 21:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-08 15:32 - 2012-01-08 15:32 - 00107720 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2012-01-08 15:32 - 2012-01-08 15:32 - 00809672 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2012-05-01 02:33 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-01 23:28 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 00065352 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 00674632 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 00093000 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 04081480 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 00390472 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 09:14 - 2014-05-08 01:29 - 01647432 _____ () C:\Users\Thomas\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Guard.Mail.ru => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech blank Produktregistrierung.lnk => C:\Windows\pss\Logitech blank Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: Google Update => "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Spotify => "C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 10:27:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/14/2014 10:26:53 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/14/2014 10:25:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/14/2014 02:01:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotify.exe, Version 0.9.8.296 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: de8 Startzeit: 01cf6f530ef7eee0 Endzeit: 24 Anwendungspfad: C:\Users\Thomas\AppData\Roaming\Spotify\spotify.exe Berichts-ID: 7086bfb1-db5f-11e3-bcb9-7071bcb8416c

Error: (05/13/2014 00:59:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/13/2014 00:58:54 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/13/2014 00:58:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/12/2014 08:23:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm pcsx2-r5875.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6ac Startzeit: 01cf6daaaab9d4d8 Endzeit: 12 Anwendungspfad: C:\Program Files (x86)\PCSX2 1.2.1\pcsx2-r5875.exe Berichts-ID: f1cab389-d99d-11e3-b5bf-7071bcb8416c

Error: (05/12/2014 02:57:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/12/2014 02:57:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

System errors:
=============
Error: (05/12/2014 03:20:04 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/11/2014 10:02:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/20/2014 07:14:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/20/2014 07:10:51 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/20/2014 07:10:51 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/20/2014 10:30:22 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler. Komponente: AMD Northbridge Fehlerquelle: 3 Fehlertyp: 2 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (04/18/2014 10:34:18 AM) (Source: volsnap) (EventID: 25) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.
Error: (04/18/2014 00:20:21 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error: (04/18/2014 00:20:21 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error: (04/18/2014 00:20:20 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Microsoft Office Sessions: ========================= Error: (05/14/2014 10:27:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/14/2014 10:26:53 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/14/2014 10:25:53 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe Error: (05/14/2014 02:01:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: spotify.exe0.9.8.296de801cf6f530ef7eee024C:\Users\Thomas\AppData\Roaming\Spotify\spotify.exe7086bfb1-db5f-11e3-bcb9-7071bcb8416c Error: (05/13/2014 00:59:08 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/13/2014 00:58:54 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/13/2014 00:58:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe Error: (05/12/2014 08:23:38 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: pcsx2-r5875.exe0.0.0.06ac01cf6daaaab9d4d812C:\Program Files (x86)\PCSX2 1.2.1\pcsx2-r5875.exef1cab389-d99d-11e3-b5bf-7071bcb8416c Error: (05/12/2014 02:57:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/12/2014 02:57:16 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 CodeIntegrity Errors: =================================== Date: 2013-07-20 11:40:23.688 Description: Windows konnte die Abbildintegrität der Datei 
"\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-20 11:40:23.610 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 17:27:41.060 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Thomas\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 17:27:41.007 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Thomas\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 17:27:40.709 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 17:27:40.657 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 13:36:06.344 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 13:36:06.289 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 13:21:39.308 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-12 13:21:39.215 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 6143.3 MB Available physical RAM: 3523.43 MB Total Pagefile: 12284.79 MB Available Pagefile: 9761.71 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.82 GB) (Free:280.09 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:13.6 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 6D6010DD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.05.2014, 11:13 | #4 |
/// the machine /// TB trainer | widevinecdmadapter.dll dangerous? The file belongs to Google and is clean; even so, there is a bit of work to do on the machine. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.05.2014, 14:37 | #5 |
| widevinecdmadapter.dll dangerous? Code:
ATTFilter ComboFix 14-05-16.01 - Thomas 16.05.2014 15:25:28.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6143.4174 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe AV: Norton 360 Online *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton 360 Online *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton 360 Online *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\update.exe c:\windows\apppatch\AppLoc.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-16 bis 2014-05-16 )))))))))))))))))))))))))))))) . . 2014-05-16 13:33 . 2014-05-16 13:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-05-16 13:33 . 2014-05-16 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-15 13:35 . 2014-05-15 13:35 -------- d-----w- c:\program files (x86)\Zombie Studios 2014-05-14 22:10 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-14 22:10 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-14 22:10 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-14 22:10 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-12 06:28 . 2014-05-12 06:28 -------- d-----w- c:\program files (x86)\Bethesda Softworks 2014-05-11 20:26 . 2014-05-11 20:26 -------- d-sh--w- c:\programdata\DSS 2014-05-11 20:26 . 2014-05-11 20:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-10 08:52 . 2014-05-10 08:52 -------- d-----w- c:\program files\Adobe 2014-05-10 08:47 . 2014-05-10 08:47 -------- d-----w- c:\program files (x86)\Adobe Media Player 2014-05-10 08:45 . 2014-05-10 08:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2014-05-09 12:40 . 
2014-05-09 12:40 -------- d-----w- c:\users\Thomas\AppData\Local\WebPlayer 2014-05-08 07:10 . 2014-05-08 07:10 -------- d-----w- c:\users\Thomas\AppData\Roaming\Curse 2014-05-06 18:55 . 2014-05-15 06:32 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-06 16:56 . 2014-05-06 16:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2014-05-03 11:31 . 2014-05-03 11:31 -------- d-sh--w- c:\users\Thomas\AppData\Local\EmieUserList 2014-05-03 11:31 . 2014-05-03 11:31 -------- d-sh--w- c:\users\Thomas\AppData\Local\EmieSiteList 2014-05-02 20:57 . 2014-05-02 20:57 -------- d-----w- c:\users\Thomas\AppData\Local\Skype 2014-05-02 20:57 . 2014-05-02 20:57 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-05-02 20:57 . 2014-05-02 20:57 -------- d-----r- c:\program files (x86)\Skype 2014-05-02 09:56 . 2014-05-15 19:51 -------- d-----w- c:\users\Thomas\AppData\Roaming\.minecraft 2014-05-02 07:52 . 2014-05-02 09:44 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-05-01 21:28 . 2014-05-12 15:06 -------- d-----w- c:\windows\system32\drivers\N360x64\1405000.01C 2014-04-29 18:54 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-29 18:54 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2014-04-29 18:54 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll 2014-04-20 16:56 . 2013-05-15 06:22 937984 ----a-w- c:\windows\system32\rads.dll 2014-04-18 07:58 . 2014-04-18 07:58 -------- d-----w- c:\users\Thomas\aTubeCatcher . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-14 22:08 . 2012-04-30 22:49 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-05-05 13:42 . 2014-05-05 13:42 2209528 ----a-w- C:\VirtualDub-1.10.4-AMD64.zip 2014-04-16 10:52 . 2012-05-01 02:02 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-04-16 10:52 . 
2012-05-01 02:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-03-17 14:44 . 2014-03-17 14:44 875472 ----a-w- c:\program files (x86)\msvcr110.dll 2014-03-17 14:44 . 2014-03-17 14:44 830976 ----a-w- c:\program files (x86)\Qt5Network.dll 2014-03-17 14:44 . 2014-03-17 14:44 535008 ----a-w- c:\program files (x86)\msvcp110.dll 2014-03-17 14:44 . 2014-03-17 14:44 4602880 ----a-w- c:\program files (x86)\Qt5Core.dll 2014-03-17 14:44 . 2014-03-17 14:44 4380160 ----a-w- c:\program files (x86)\Qt5Widgets.dll 2014-03-17 14:44 . 2014-03-17 14:44 2860032 ----a-w- c:\program files (x86)\Qt5Gui.dll 2014-03-17 14:44 . 2014-03-17 14:44 269824 ----a-w- c:\program files (x86)\ssleay32.dll 2014-03-17 14:44 . 2014-03-17 14:44 171008 ----a-w- c:\program files (x86)\Qt5Sql.dll 2014-03-17 14:44 . 2014-03-17 14:44 148480 ----a-w- c:\program files (x86)\quazip.dll 2014-03-17 14:44 . 2014-03-17 14:44 1175552 ----a-w- c:\program files (x86)\libeay32.dll 2014-03-17 14:44 . 2013-09-16 13:56 1060128 ----a-w- c:\program files (x86)\OverwolfTeamSpeakInstaller.exe 2014-03-17 14:44 . 2012-04-20 09:18 9266120 ----a-w- c:\program files (x86)\ts3client_win32.exe 2014-03-17 14:44 . 2012-04-20 09:18 231368 ----a-w- c:\program files (x86)\package_inst.exe 2014-03-17 14:44 . 2012-04-20 09:18 200648 ----a-w- c:\program files (x86)\error_report.exe 2014-03-04 09:44 . 2014-04-09 09:38 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-09 09:38 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-09 09:38 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-09 09:38 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-09 09:38 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-09 09:38 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-09 09:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 
2014-04-09 09:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-09 09:38 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-09 09:38 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-09 09:38 2048 ----a-w- c:\windows\SysWow64\user.exe 2014-03-04 07:37 . 2014-03-07 15:25 226 ----a-w- c:\program files (x86)\update-southpark.bat 2014-02-21 22:08 . 2012-05-01 02:02 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-02-21 19:11 . 2012-05-01 02:01 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-09-04 20:39 . 2014-02-07 18:19 82 ----a-w- c:\program files (x86)\update-Outlast.bat 2013-03-25 18:33 . 2013-04-05 10:28 84 ----a-w- c:\program files (x86)\update-bioshock_Inf.bat 2013-03-05 20:49 . 2012-10-23 15:09 187904 ----a-w- c:\program files (x86)\QtSql4.dll 2013-03-05 20:49 . 2012-04-20 09:18 856576 ----a-w- c:\program files (x86)\QtNetwork4.dll 2013-03-05 20:49 . 2012-04-20 09:18 8040960 ----a-w- c:\program files (x86)\QtGui4.dll 2013-03-05 20:49 . 2012-04-20 09:18 2449408 ----a-w- c:\program files (x86)\QtCore4.dll 2012-11-03 12:57 . 2013-01-17 17:02 83 ----a-w- c:\program files (x86)\update-Conviction.bat 2012-07-03 14:41 . 2012-06-21 21:05 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe 2012-06-21 17:39 . 2012-04-20 09:18 110106 ----a-w- c:\program files (x86)\createfileassoc.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}] 2011-10-31 11:02 81920 ----a-w- c:\program files (x86)\atube\atubeX.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files (x86)\atube\atubeX.dll" [2011-10-31 81920] . 
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-15 1176632] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-05-18 385024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x] R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 tizekdrv;tizekdrv;c:\users\Thomas\AppData\Roaming\TZAC\tizek64.sys;c:\users\Thomas\AppData\Roaming\TZAC\tizek64.sys [x] R3 
tizeqdrv;tizeqdrv;c:\users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys;c:\users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140515.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140515.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1405000.01C\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator 
Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2014-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 17:36] . 2014-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job - c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 15:55] . 2014-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job - c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 15:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-SP_5dec30d7 - c:\program files (x86)\ZoomEx\uninstall.exe AddRemove-TeamSpeak 3 Client - c:\program files (x86)\uninstall.exe AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.5.0.28\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I" . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I" . 
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I" . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I" . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I" . [HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-05-16 15:35:26 ComboFix-quarantined-files.txt 2014-05-16 13:35 ComboFix2.txt 2013-07-20 11:36 . Vor Suchlauf: 24 Verzeichnis(se), 344.520.757.248 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 355.061.870.592 Bytes frei . - - End Of File - - EE51748185931317BE7F55F7404ADCBF 9C21F523E72C7EDF0A4D5F9DDDCC5E3C |
17.05.2014, 13:40 | #6 |
/// the machine /// TB Trainer | widevinecdmadapter.dll dangerous? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
17.05.2014, 16:56 | #7 |
| widevinecdmadapter.dll dangerous? Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.05.2014
Suchlauf-Zeit: 17:33:20
Logdatei: asd.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.17.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 282411
Verstrichene Zeit: 11 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bicnnkjibmphdeigoodpjlcklcnaobdj, In Quarantäne, [3a4351012f4c84b2f57b008e2fd3aa56],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy, In Quarantäne, [0a7375dd760549edf154521f12f009f7],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\5F3032BCBF304FC6B05AE7E0B0354CA2, In Quarantäne, [0a7375dd760549edf154521f12f009f7],

Dateien: 3
PUP.Optional.Conduit.A, C:\Users\Thomas\AppData\Roaming\OpenCandy\5F3032BCBF304FC6B05AE7E0B0354CA2\mconduitinstaller.exe, In Quarantäne, [b3cabe94c9b210261e84c45a38c8837d],
PUP.Optional.SweetIM, C:\Windows\Installer\12d5f7e.msi, In Quarantäne, [fd80ec6698e356e0068bc8a71fe59868],
PUP.Optional.SweetIM, C:\Windows\Installer\12d5f84.msi, In Quarantäne, [dca1aba781fafd39038e204f3ec609f7],

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 17:41:09
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-HP
# Gestartet von : C:\Users\Thomas\Downloads\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Thomas\Documents\PC Speed Maximizer
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qvo6.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_5dec30d7
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bittorrent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bittorrent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\hdcode

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=116210&tt=4712_6&babsrc=SP_ss&mntrId=c411a0ec0000000000007071bcb8416c
Gelöscht [Search Provider] : hxxp://searchab.com/?aff=7&uid=b9651e40-5daf-11e2-bc63-7071bcb8416c&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119779&tt=gc_&babsrc=SP_ss&mntrId=C4117071BCB8416C
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [4629 octets] - [17/05/2014 17:40:03]
AdwCleaner[S0].txt - [4398 octets] - [17/05/2014 17:41:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4458 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Thomas on 17.05.2014 at 17:47:50,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355305536}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366306636}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA88498B-E5A1-49F1-8F5C-6EC89AAE1FB6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1797871B-E061-4F91-8041-7DE27A1F01E0}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2014 at 17:51:22,70
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Thomas (administrator) on THOMAS-HP on 17-05-2014 17:53:21 Running from C:\Users\Thomas\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] () HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = SearchScopes: HKCU - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {DB6A597B-B576-4AAD-A5F8-8ED658837C60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: aTube Toolbar - 
{bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-12-02] (EasyBits Software Corp.) 
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll () FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml FF Extension: HDvid Codec - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17] FF Extension: Torntv 3 - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28] CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12] CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09] CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09] CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04] CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-04-28] CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-12] () R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.) 
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-21] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-01-14] (<Turtle Entertainment>) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.) 
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140516.016\ENG64.SYS [126040 2013-08-29] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140516.016\EX64.SYS [2099288 2013-08-29] (Symantec Corporation) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] () S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-17 17:53 - 2014-05-17 17:53 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion 2014-05-17 17:44 - 2014-05-17 17:44 - 01016261 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe 2014-05-17 17:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) 
C:\Windows\SysWOW64\sqlite3.dll 2014-05-17 17:39 - 2014-05-17 17:41 - 00000000 ____D () C:\AdwCleaner 2014-05-17 17:37 - 2014-05-17 17:37 - 01325827 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.208.exe 2014-05-17 17:21 - 2014-05-17 17:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-17 17:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-17 17:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-17 17:19 - 2014-05-17 17:20 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-17 10:29 - 2014-05-17 10:29 - 00000000 ____D () C:\Users\Thomas\Desktop\DreadOut-CODEX 2014-05-17 10:27 - 2014-05-17 10:27 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex (1).torrent 2014-05-16 16:38 - 2014-05-16 16:38 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex.torrent 2014-05-16 15:35 - 2014-05-16 15:35 - 00025693 _____ () C:\ComboFix.txt 2014-05-16 15:20 - 2014-05-16 15:21 - 05200990 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe 2014-05-16 13:23 - 2014-05-16 13:23 - 00003080 _____ () C:\{065CBA12-259C-4AF9-95B2-3DCA78C52D71} 2014-05-15 21:43 - 2014-05-15 21:43 - 00066321 _____ () C:\Users\Thomas\Downloads\SEUS-v10.1-Ultra.zip 2014-05-15 21:39 - 2014-05-15 21:39 - 00186201 _____ () C:\Users\Thomas\Downloads\ShadersModCore-v2.2.2-mc1.6.4-f965.jar 2014-05-15 21:31 - 2014-05-15 21:32 - 02269863 _____ () 
C:\Users\Thomas\Downloads\forge-1.6.4-9.11.1.965-installer.jar 2014-05-15 21:21 - 2014-05-15 21:21 - 02771496 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1082-installer-win.exe 2014-05-15 21:19 - 2014-05-15 21:21 - 11122883 _____ () C:\Users\Thomas\Downloads\LifeInTheWoodsBasic.zip 2014-05-15 16:36 - 2014-05-15 16:36 - 00000000 ____D () C:\Users\Thomas\Documents\Daylight 2014-05-15 15:35 - 2014-05-15 15:35 - 00000000 ____D () C:\Program Files (x86)\Zombie Studios 2014-05-15 14:24 - 2014-05-15 14:25 - 00060655 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-05-15 14:18 - 2014-05-17 17:53 - 00015521 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-05-15 14:17 - 2014-05-17 17:53 - 02067456 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-05-15 00:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 00:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 00:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 00:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent 2014-05-14 10:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 10:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 10:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 10:47 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 10:47 
- 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 10:47 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 10:47 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 10:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 10:47 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00455168 
_____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 10:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 10:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 10:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00047616 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 10:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 00:02 - 2014-05-14 00:58 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar 2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip 2014-05-13 12:56 - 2014-05-13 12:56 - 00013804 _____ () C:\Users\Thomas\Downloads\dishonor.zip 2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt 2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks 2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent 2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log 2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe 2014-05-10 10:51 - 
2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player 2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-05-10 10:28 - 2014-05-10 10:28 - 00041935 _____ () C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent 2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent 2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar 2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar 2014-05-08 12:50 - 2014-05-08 12:59 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar 2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse 2014-05-08 09:08 - 2014-05-08 09:09 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe 2014-05-06 20:55 - 
2014-05-15 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip 2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip 2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe 2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt 2014-05-04 13:48 - 2014-05-04 13:52 - 166667606 _____ () C:\Users\Thomas\Downloads\TrailerVARO2.MP4 2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent 2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar 2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33} 2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe 2014-05-02 12:37 - 2014-05-02 12:39 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip 2014-05-02 11:56 - 2014-05-15 
21:51 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft 2014-05-02 09:52 - 2014-05-02 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-29 20:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 20:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 20:53 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 20:53 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 20:53 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 20:53 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 20:53 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 20:53 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 20:53 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 20:53 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 20:53 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 20:53 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 20:53 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 20:53 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 20:53 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 20:53 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 20:53 - 2014-03-06 10:02 - 
00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 20:53 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 20:53 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 20:53 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 20:53 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 20:53 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 20:53 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 20:53 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 20:53 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 20:53 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 20:53 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 20:53 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 20:53 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 20:53 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 20:53 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 20:53 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 20:53 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 20:53 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 20:53 - 
2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 20:53 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 20:53 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 20:53 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 20:53 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 20:53 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 20:53 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 20:53 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 20:53 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 20:53 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-20 18:56 - 2013-05-15 08:22 - 00937984 _____ () C:\Windows\system32\rads.dll 2014-04-18 15:58 - 2014-04-26 11:22 - 00000000 ____D () C:\Users\Thomas\Desktop\IWBT8b 2014-04-18 09:58 - 2014-04-18 09:58 - 00000000 ____D () C:\Users\Thomas\aTubeCatcher 2014-04-18 09:57 - 2014-04-18 09:57 - 00001192 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk 2014-04-18 09:57 - 2014-04-18 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher ==================== One Month Modified Files and Folders ======= 2014-05-17 17:53 - 2014-05-17 17:53 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion 2014-05-17 17:53 - 2014-05-15 14:18 - 00015521 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-05-17 17:53 - 2014-05-15 14:17 - 02067456 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-05-17 17:53 - 2013-07-19 16:01 - 00000000 ____D () C:\FRST 2014-05-17 17:47 - 2013-02-10 
02:00 - 00055447 _____ () C:\Windows\setupact.log 2014-05-17 17:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-17 17:46 - 2010-12-02 02:12 - 01447940 _____ () C:\Windows\WindowsUpdate.log 2014-05-17 17:46 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-17 17:46 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-17 17:44 - 2014-05-17 17:44 - 01016261 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe 2014-05-17 17:42 - 2013-02-11 17:44 - 00686830 _____ () C:\Windows\PFRO.log 2014-05-17 17:42 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-17 17:41 - 2014-05-17 17:39 - 00000000 ____D () C:\AdwCleaner 2014-05-17 17:41 - 2012-05-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 17:37 - 2014-05-17 17:37 - 01325827 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.208.exe 2014-05-17 17:35 - 2014-05-17 17:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-17 17:34 - 2012-05-15 16:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\BitTorrent 2014-05-17 17:28 - 2012-05-19 19:24 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PMB Files 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2013-07-19 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-17 17:20 - 2014-05-17 17:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-17 17:18 - 2012-10-01 19:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype 2014-05-17 17:03 - 2012-11-09 17:55 - 00001124 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job 2014-05-17 16:35 - 2012-05-01 00:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-17 13:32 - 2012-05-19 19:24 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-17 11:13 - 2014-02-06 21:28 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc 2014-05-17 10:29 - 2014-05-17 10:29 - 00000000 ____D () C:\Users\Thomas\Desktop\DreadOut-CODEX 2014-05-17 10:27 - 2014-05-17 10:27 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex (1).torrent 2014-05-16 20:03 - 2012-11-09 17:55 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job 2014-05-16 16:38 - 2014-05-16 16:38 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex.torrent 2014-05-16 16:26 - 2012-05-01 00:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-16 15:35 - 2014-05-16 15:35 - 00025693 _____ () C:\ComboFix.txt 2014-05-16 15:35 - 2013-07-20 11:26 - 00000000 ____D () C:\Qoobox 2014-05-16 15:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-16 15:21 - 2014-05-16 15:20 - 05200990 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe 2014-05-16 14:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 13:23 - 2014-05-16 13:23 - 00003080 _____ () C:\{065CBA12-259C-4AF9-95B2-3DCA78C52D71} 2014-05-15 22:05 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify 2014-05-15 21:51 - 2014-05-02 11:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft 2014-05-15 21:43 - 2014-05-15 21:43 - 00066321 _____ () C:\Users\Thomas\Downloads\SEUS-v10.1-Ultra.zip 2014-05-15 21:39 - 2014-05-15 21:39 - 00186201 _____ () C:\Users\Thomas\Downloads\ShadersModCore-v2.2.2-mc1.6.4-f965.jar 2014-05-15 21:32 - 2014-05-15 21:31 - 02269863 _____ () C:\Users\Thomas\Downloads\forge-1.6.4-9.11.1.965-installer.jar 2014-05-15 21:21 - 2014-05-15 
21:21 - 02771496 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1082-installer-win.exe 2014-05-15 21:21 - 2014-05-15 21:19 - 11122883 _____ () C:\Users\Thomas\Downloads\LifeInTheWoodsBasic.zip 2014-05-15 20:30 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify 2014-05-15 19:54 - 2012-12-10 21:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SoftGrid Client 2014-05-15 16:36 - 2014-05-15 16:36 - 00000000 ____D () C:\Users\Thomas\Documents\Daylight 2014-05-15 16:36 - 2012-06-05 23:41 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SKIDROW 2014-05-15 15:57 - 2014-04-02 21:56 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-15 15:35 - 2014-05-15 15:35 - 00000000 ____D () C:\Program Files (x86)\Zombie Studios 2014-05-15 14:25 - 2014-05-15 14:24 - 00060655 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:32 - 2014-05-06 20:55 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 00:09 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 00:08 - 2012-05-01 00:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent 2014-05-14 10:37 - 2013-02-10 01:19 - 00069088 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-14 10:36 - 2013-02-11 17:44 - 04858760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-14 00:58 - 2014-05-14 00:02 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar 2014-05-14 00:55 - 2010-12-02 02:37 - 00699876 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 00:55 - 2010-12-02 02:37 - 00149758 _____ () C:\Windows\system32\perfc007.dat 
2014-05-14 00:55 - 2009-07-14 07:13 - 01622022 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip 2014-05-13 12:56 - 2014-05-13 12:56 - 00013804 _____ () C:\Users\Thomas\Downloads\dishonor.zip 2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-05-12 17:06 - 2013-06-30 08:37 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt 2014-05-12 08:39 - 2012-07-20 19:08 - 00000000 ____D () C:\Users\Thomas\Documents\My Games 2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks 2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-11 22:24 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-11 19:47 - 2012-05-01 00:04 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TS3Client 2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent 2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log 2014-05-11 11:09 - 2012-06-25 13:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe 2014-05-10 11:11 - 2013-07-07 20:02 - 
00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps 2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe 2014-05-10 10:52 - 2012-06-25 13:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-05-10 10:51 - 2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2014-05-10 10:50 - 2012-06-25 13:22 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player 2014-05-10 10:47 - 2012-06-25 13:29 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-10 10:47 - 2012-04-30 23:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Adobe 2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-05-10 10:28 - 2014-05-10 10:28 - 00041935 _____ () 
C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent 2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent 2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar 2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar 2014-05-09 08:14 - 2014-05-14 10:47 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 10:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 19:58 - 2012-11-09 17:55 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA 2014-05-08 19:58 - 2012-11-09 17:55 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core 2014-05-08 12:59 - 2014-05-08 12:50 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar 2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse 2014-05-08 09:09 - 2014-05-08 09:08 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe 2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip 2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-05-06 06:40 - 2014-05-15 00:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 00:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 00:10 - 
00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 00:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip 2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe 2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt 2014-05-04 13:52 - 2014-05-04 13:48 - 166667606 _____ () C:\Users\Thomas\Downloads\TrailerVARO2.MP4 2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent 2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar 2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-02 22:57 - 2012-10-01 19:15 - 00000000 ____D () C:\ProgramData\Skype 2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33} 2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe 2014-05-02 12:39 - 2014-05-02 12:37 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip 2014-05-02 12:01 - 2012-05-06 12:39 - 00000000 ____D () C:\Users\Thomas\Desktop\.minecraft 2014-05-02 11:44 - 2014-05-02 09:52 - 
00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-30 06:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-26 11:22 - 2014-04-18 15:58 - 00000000 ____D () C:\Users\Thomas\Desktop\IWBT8b 2014-04-20 19:10 - 2013-01-31 17:14 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-04-18 16:59 - 2013-10-11 18:35 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Battle.net 2014-04-18 16:40 - 2013-05-26 12:36 - 00000000 ____D () C:\Users\Thomas\Documents\StarCraft II 2014-04-18 16:24 - 2013-05-26 12:36 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2014-04-18 16:21 - 2013-12-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-18 16:20 - 2012-06-14 17:28 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-04-18 09:58 - 2014-04-18 09:58 - 00000000 ____D () C:\Users\Thomas\aTubeCatcher 2014-04-18 09:58 - 2012-04-30 23:06 - 00000000 ____D () C:\Users\Thomas 2014-04-18 09:57 - 2014-04-18 09:57 - 00001192 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk 2014-04-18 09:57 - 2014-04-18 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2014-04-18 09:57 - 2012-05-04 16:25 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp Some content of TEMP: ==================== C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 10:47] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 00:48 ==================== End Of Log ============================ |
18.05.2014, 18:40 | #8 |
/// the machine /// TB-Ausbilder | widevinecdmadapter.dll dangerous? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.05.2014, 18:46 | #9 |
| widevinecdmadapter.dll dangerous? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=248009b49791e24d8aeb0aaad57a096b # engine=14518 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-24 08:23:41 # local_time=2013-07-24 10:23:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3592 16777213 100 91 815265 125359917 0 0 # compatibility_mode=5893 16776574 100 94 288486 126327271 0 0 # scanned=321565 # found=1 # cleaned=0 # scan_time=9715 sh=0FC145D539EF7A2D88FA76DE573B25AB9EB2A317 ft=1 fh=0484962387c0b26c vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Program Files (x86)\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=248009b49791e24d8aeb0aaad57a096b # engine=18318 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-19 12:51:59 # local_time=2014-05-19 02:51:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3592 16777213 100 91 596714 151166415 0 0 # compatibility_mode=5893 16776574 100 94 26094984 152133769 0 0 # scanned=481313 # found=8 # cleaned=0 # scan_time=15894 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=F09DA095FDEAD89620A223E33158B8AA40A91E36 ft=1 fh=c71c00112a4f2ec8 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\atube\atubeX.dll" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="möglicherweise Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\atube\dtUser.exe" sh=F283BA90F5C7710321711E43AE35F3ECA94F5DEB ft=1 fh=c71c0011b5826bb0 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\atube\searchresultstb.dll" sh=29274A418819B26EB50A5A268E301D3E779A6952 ft=1 fh=f147a226b1f08d88 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Program Files (x86)\DreadOut\steam_api64.dll" sh=0FC145D539EF7A2D88FA76DE573B25AB9EB2A317 ft=1 fh=0484962387c0b26c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll" sh=5AA1211996A26B542E74E80478C973E7A983DF61 ft=1 fh=8938abce549bf6da vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\PDF24 Creator - CHIP-Downloader.exe" sh=ED8C7A9582B9DD4CEAAB90CF4B601DB4C09296AA ft=1 fh=dd6735aa4ed59158 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=248009b49791e24d8aeb0aaad57a096b # engine=18321 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-19 05:36:44 # local_time=2014-05-19 07:36:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3592 16777213 100 91 613799 151183500 0 0 # compatibility_mode=5893 16776574 100 94 26112069 152150854 0 0 # scanned=534685 # found=2 # cleaned=0 # scan_time=16829 sh=29274A418819B26EB50A5A268E301D3E779A6952 ft=1 fh=f147a226b1f08d88 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Program Files (x86)\DreadOut\steam_api64.dll" sh=0FC145D539EF7A2D88FA76DE573B25AB9EB2A317 ft=1 fh=0484962387c0b26c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll" Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Norton 360 Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.0 Java(TM) 7 Update 4 Java version out of Date! Adobe Flash Player 11.2.202.233 Flash Player out of Date! Mozilla Thunderbird (24.5.0) Google Chrome 34.0.1847.131 Google Chrome 34.0.1847.137 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Thomas (administrator) on THOMAS-HP on 19-05-2014 19:44:14 Running from C:\Users\Thomas\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] () HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4240377317-2580135182-2221074664-1001\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = SearchScopes: HKCU - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {DB6A597B-B576-4AAD-A5F8-8ED658837C60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: aTube Toolbar - 
{bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-12-02] (EasyBits Software Corp.) Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml FF Extension: HDvid Codec - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17] FF Extension: Torntv 3 - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28] CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09] CHR Extension: (Norton Identity Safe for Google Chrome™) - 
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12] CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09] CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09] CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04] CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-04-28] CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-12] () R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.) 
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-21] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-01-14] (<Turtle Entertainment>) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.) 
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140519.003\ENG64.SYS [126040 2013-08-29] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140519.003\EX64.SYS [2099288 2013-08-29] (Symantec Corporation) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] () S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 19:41 - 2014-05-19 19:41 - 00855379 _____ () C:\Users\Thomas\Downloads\SecurityCheck.exe 2014-05-19 15:07 - 2014-05-19 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-05-19 15:06 - 2014-05-19 15:07 - 
00000000 ____D () C:\Program Files\Tracker Software 2014-05-19 15:03 - 2014-05-19 15:04 - 00961360 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\PDF XChange Viewer - CHIP-Downloader.exe 2014-05-19 14:17 - 2014-05-19 14:17 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PDF24 2014-05-19 14:14 - 2014-05-19 14:14 - 00961360 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\PDF24 Creator - CHIP-Downloader.exe 2014-05-19 14:06 - 2014-05-19 16:11 - 00000000 ____D () C:\Users\Thomas\Desktop\Bafög Antrag 2014-05-19 10:24 - 2014-05-19 10:24 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe 2014-05-18 16:52 - 2014-05-18 16:54 - 28062081 _____ () C:\Users\Thomas\Downloads\Sphax PureBDcraft 128x MC17.zip 2014-05-17 23:02 - 2014-05-17 23:02 - 00000000 ____D () C:\Users\Thomas\Documents\Steam Cloud 2014-05-17 23:00 - 2014-05-17 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut 2014-05-17 22:58 - 2014-05-17 23:02 - 00000000 ____D () C:\Program Files (x86)\DreadOut 2014-05-17 17:53 - 2014-05-17 17:53 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion 2014-05-17 17:44 - 2014-05-17 17:44 - 01016261 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe 2014-05-17 17:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-17 17:39 - 2014-05-17 17:41 - 00000000 ____D () C:\AdwCleaner 2014-05-17 17:37 - 2014-05-17 17:37 - 01325827 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.208.exe 2014-05-17 17:21 - 2014-05-17 17:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-17 17:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-17 17:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-17 17:19 - 2014-05-17 17:20 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-17 10:27 - 2014-05-17 10:27 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex (1).torrent 2014-05-16 16:38 - 2014-05-16 16:38 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex.torrent 2014-05-16 15:35 - 2014-05-16 15:35 - 00025693 _____ () C:\ComboFix.txt 2014-05-16 15:20 - 2014-05-16 15:21 - 05200990 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe 2014-05-16 13:23 - 2014-05-16 13:23 - 00003080 _____ () C:\{065CBA12-259C-4AF9-95B2-3DCA78C52D71} 2014-05-15 21:43 - 2014-05-15 21:43 - 00066321 _____ () C:\Users\Thomas\Downloads\SEUS-v10.1-Ultra.zip 2014-05-15 21:39 - 2014-05-15 21:39 - 00186201 _____ () C:\Users\Thomas\Downloads\ShadersModCore-v2.2.2-mc1.6.4-f965.jar 2014-05-15 21:31 - 2014-05-15 21:32 - 02269863 _____ () C:\Users\Thomas\Downloads\forge-1.6.4-9.11.1.965-installer.jar 2014-05-15 21:21 - 2014-05-15 21:21 - 02771496 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1082-installer-win.exe 2014-05-15 21:19 - 2014-05-15 21:21 - 11122883 _____ () C:\Users\Thomas\Downloads\LifeInTheWoodsBasic.zip 2014-05-15 16:36 - 2014-05-15 16:36 - 00000000 ____D () C:\Users\Thomas\Documents\Daylight 2014-05-15 15:35 - 2014-05-15 15:35 - 00000000 ____D () C:\Program Files (x86)\Zombie Studios 2014-05-15 14:24 - 2014-05-15 14:25 - 00060655 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-05-15 14:18 - 2014-05-19 19:44 - 00016724 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-05-15 14:17 - 2014-05-17 17:53 - 02067456 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-05-15 00:10 - 2014-05-06 
06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 00:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 00:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 00:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 00:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent 2014-05-14 10:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 10:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 10:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 10:47 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 10:47 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 10:47 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 10:47 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 10:47 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 10:47 - 2014-03-25 04:43 - 14175744 
_____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 10:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 10:47 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 10:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 10:47 - 2014-03-04 11:20 - 03969984 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 10:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 10:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 10:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 10:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 00:02 - 2014-05-14 00:58 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar 2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip 2014-05-13 12:56 - 2014-05-13 12:56 - 00013804 _____ () 
C:\Users\Thomas\Downloads\dishonor.zip 2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt 2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks 2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent 2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log 2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe 2014-05-10 10:51 - 2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player 2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 
- 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-05-10 10:28 - 2014-05-10 10:28 - 00041935 _____ () C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent 2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent 2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar 2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar 2014-05-08 12:50 - 2014-05-08 12:59 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar 2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse 2014-05-08 09:08 - 2014-05-08 09:09 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe 2014-05-06 20:55 - 2014-05-15 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip 2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip 2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe 2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt 2014-05-04 13:48 - 2014-05-04 13:52 - 166667606 _____ () 
C:\Users\Thomas\Downloads\TrailerVARO2.MP4 2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent 2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar 2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33} 2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe 2014-05-02 12:37 - 2014-05-02 12:39 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip 2014-05-02 11:56 - 2014-05-18 16:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft 2014-05-02 09:52 - 2014-05-02 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-29 20:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 20:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 20:53 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 20:53 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 20:53 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 20:53 - 
2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 20:53 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 20:53 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 20:53 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 20:53 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 20:53 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 20:53 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 20:53 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 20:53 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 20:53 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 20:53 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 20:53 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 20:53 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 20:53 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 20:53 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 20:53 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 20:53 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 20:53 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-04-29 20:53 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 20:53 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 20:53 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 20:53 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 20:53 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 20:53 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 20:53 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 20:53 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 20:53 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 20:53 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 20:53 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 20:53 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 20:53 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 20:53 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 20:53 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 20:53 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 20:53 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 20:53 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2014-04-29 20:53 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 20:53 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 20:53 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-20 18:56 - 2013-05-15 08:22 - 00937984 _____ () C:\Windows\system32\rads.dll ==================== One Month Modified Files and Folders ======= 2014-05-19 19:45 - 2012-10-01 19:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype 2014-05-19 19:44 - 2014-05-15 14:18 - 00016724 _____ () C:\Users\Thomas\Downloads\FRST.txt 2014-05-19 19:44 - 2013-07-19 16:01 - 00000000 ____D () C:\FRST 2014-05-19 19:41 - 2014-05-19 19:41 - 00855379 _____ () C:\Users\Thomas\Downloads\SecurityCheck.exe 2014-05-19 19:40 - 2012-05-15 16:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\BitTorrent 2014-05-19 19:35 - 2012-05-01 00:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-19 19:03 - 2012-11-09 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job 2014-05-19 16:46 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify 2014-05-19 16:11 - 2014-05-19 14:06 - 00000000 ____D () C:\Users\Thomas\Desktop\Bafög Antrag 2014-05-19 15:07 - 2014-05-19 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-05-19 15:07 - 2014-05-19 15:06 - 00000000 ____D () C:\Program Files\Tracker Software 2014-05-19 15:04 - 2014-05-19 15:03 - 00961360 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\PDF XChange Viewer - CHIP-Downloader.exe 2014-05-19 14:17 - 2014-05-19 14:17 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PDF24 2014-05-19 14:14 - 2014-05-19 14:14 - 00961360 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\PDF24 Creator - CHIP-Downloader.exe 2014-05-19 
10:24 - 2014-05-19 10:24 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe 2014-05-19 09:17 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-19 09:17 - 2009-07-14 06:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-19 09:14 - 2010-12-02 02:12 - 01475828 _____ () C:\Windows\WindowsUpdate.log 2014-05-19 09:10 - 2013-02-10 02:00 - 00055559 _____ () C:\Windows\setupact.log 2014-05-19 09:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-18 20:03 - 2012-11-09 17:55 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job 2014-05-18 16:56 - 2014-05-02 11:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\.minecraft 2014-05-18 16:54 - 2014-05-18 16:52 - 28062081 _____ () C:\Users\Thomas\Downloads\Sphax PureBDcraft 128x MC17.zip 2014-05-18 16:48 - 2012-05-01 00:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-18 15:21 - 2014-02-06 21:28 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc 2014-05-17 23:02 - 2014-05-17 23:02 - 00000000 ____D () C:\Users\Thomas\Documents\Steam Cloud 2014-05-17 23:02 - 2014-05-17 22:58 - 00000000 ____D () C:\Program Files (x86)\DreadOut 2014-05-17 23:00 - 2014-05-17 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut 2014-05-17 17:53 - 2014-05-17 17:53 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion 2014-05-17 17:53 - 2014-05-15 14:17 - 02067456 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe 2014-05-17 17:44 - 2014-05-17 17:44 - 01016261 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe 2014-05-17 17:42 - 2013-02-11 17:44 - 00686830 _____ () C:\Windows\PFRO.log 2014-05-17 17:42 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-17 17:41 - 2014-05-17 17:39 - 00000000 
____D () C:\AdwCleaner 2014-05-17 17:41 - 2012-05-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 17:37 - 2014-05-17 17:37 - 01325827 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.208.exe 2014-05-17 17:35 - 2014-05-17 17:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-17 17:28 - 2012-05-19 19:24 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PMB Files 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2014-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-17 17:21 - 2013-07-19 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-17 17:20 - 2014-05-17 17:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-17 13:32 - 2012-05-19 19:24 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-17 10:27 - 2014-05-17 10:27 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex (1).torrent 2014-05-16 16:38 - 2014-05-16 16:38 - 00237433 _____ () C:\Users\Thomas\Downloads\[kickass.to]dreadout.codex.torrent 2014-05-16 15:35 - 2014-05-16 15:35 - 00025693 _____ () C:\ComboFix.txt 2014-05-16 15:35 - 2013-07-20 11:26 - 00000000 ____D () C:\Qoobox 2014-05-16 15:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-16 15:21 - 2014-05-16 15:20 - 05200990 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe 2014-05-16 14:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 13:23 - 2014-05-16 13:23 - 00003080 _____ () C:\{065CBA12-259C-4AF9-95B2-3DCA78C52D71} 2014-05-15 21:43 - 2014-05-15 21:43 - 00066321 _____ () C:\Users\Thomas\Downloads\SEUS-v10.1-Ultra.zip 2014-05-15 21:39 - 2014-05-15 21:39 - 00186201 _____ () C:\Users\Thomas\Downloads\ShadersModCore-v2.2.2-mc1.6.4-f965.jar 2014-05-15 21:32 - 2014-05-15 21:31 - 02269863 _____ () 
C:\Users\Thomas\Downloads\forge-1.6.4-9.11.1.965-installer.jar 2014-05-15 21:21 - 2014-05-15 21:21 - 02771496 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1082-installer-win.exe 2014-05-15 21:21 - 2014-05-15 21:19 - 11122883 _____ () C:\Users\Thomas\Downloads\LifeInTheWoodsBasic.zip 2014-05-15 20:30 - 2012-08-13 17:03 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify 2014-05-15 19:54 - 2012-12-10 21:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SoftGrid Client 2014-05-15 16:36 - 2014-05-15 16:36 - 00000000 ____D () C:\Users\Thomas\Documents\Daylight 2014-05-15 16:36 - 2012-06-05 23:41 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SKIDROW 2014-05-15 15:57 - 2014-04-02 21:56 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-15 15:35 - 2014-05-15 15:35 - 00000000 ____D () C:\Program Files (x86)\Zombie Studios 2014-05-15 14:25 - 2014-05-15 14:24 - 00060655 _____ () C:\Users\Thomas\Downloads\Addition.txt 2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:36 - 2012-04-30 23:14 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:32 - 2014-05-06 20:55 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 00:09 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 00:08 - 2012-05-01 00:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 22:59 - 2014-05-14 22:59 - 00025247 _____ () C:\Users\Thomas\Downloads\[kickass.to]daylight.skidrow.torrent 2014-05-14 10:37 - 2013-02-10 01:19 - 00069088 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-14 10:36 - 2013-02-11 17:44 - 04858760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-14 00:58 - 2014-05-14 00:02 - 171591140 _____ () C:\Users\Thomas\Downloads\prpi_rog.rar 2014-05-14 00:55 - 2010-12-02 02:37 - 00699876 _____ () 
C:\Windows\system32\perfh007.dat 2014-05-14 00:55 - 2010-12-02 02:37 - 00149758 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 00:55 - 2009-07-14 07:13 - 01622022 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-13 12:58 - 2014-05-13 12:58 - 00012265 _____ () C:\Users\Thomas\Downloads\van_helsing_movie.zip 2014-05-13 12:56 - 2014-05-13 12:56 - 00013804 _____ () C:\Users\Thomas\Downloads\dishonor.zip 2014-05-12 17:06 - 2014-05-12 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-05-12 17:06 - 2013-06-30 08:37 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-05-12 17:06 - 2013-06-30 08:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-05-12 12:29 - 2014-05-12 12:29 - 00026695 _____ () C:\Users\Thomas\Downloads\p.txt 2014-05-12 08:39 - 2012-07-20 19:08 - 00000000 ____D () C:\Users\Thomas\Documents\My Games 2014-05-12 08:34 - 2014-05-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks 2014-05-12 08:28 - 2014-05-12 08:28 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks 2014-05-11 23:07 - 2014-05-11 23:07 - 00015028 _____ () C:\Users\Thomas\Downloads\[kickass.to]dishonored.skidrow.torrent 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 __SHD () C:\ProgramData\DSS 2014-05-11 22:26 - 2014-05-11 22:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Lionhead Studios 2014-05-11 22:24 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-11 19:47 - 2012-05-01 00:04 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TS3Client 2014-05-11 14:03 - 2014-05-11 14:03 - 00039185 _____ () C:\Users\Thomas\Downloads\[kickass.to]fable.iii.skidrow.fable.3.torrent 2014-05-11 13:32 - 2014-05-11 13:32 - 00001433 _____ () C:\Users\Thomas\Documents\Dragon Age Origins EP1.log 2014-05-11 
11:09 - 2012-06-25 13:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe 2014-05-10 11:11 - 2013-07-07 20:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps 2014-05-10 10:52 - 2014-05-10 10:52 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2014-05-10 10:52 - 2014-05-10 10:52 - 00000000 ____D () C:\Program Files\Adobe 2014-05-10 10:52 - 2012-06-25 13:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-05-10 10:51 - 2014-05-10 10:51 - 00001213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2014-05-10 10:50 - 2012-06-25 13:22 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-10 10:48 - 2014-05-10 10:48 - 00001268 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2014-05-10 10:48 - 2014-05-10 10:48 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-10 10:47 - 2014-05-10 10:47 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player 2014-05-10 10:47 - 2012-06-25 13:29 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-10 10:47 - 2012-04-30 23:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Adobe 2014-05-10 10:45 - 2014-05-10 10:45 - 00001525 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00001359 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-05-10 10:45 - 2014-05-10 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-05-10 10:28 - 
2014-05-10 10:28 - 00041935 _____ () C:\Users\Thomas\Downloads\[kickass.to]antichamber.v1.0.steam.rip.cracked.richvsm.torrent 2014-05-09 22:39 - 2014-05-09 22:39 - 00099798 _____ () C:\Users\Thomas\Downloads\[kickass.to]ether.one.codex.torrent 2014-05-09 13:56 - 2014-05-09 13:56 - 00803691 _____ () C:\Users\Thomas\Downloads\OptiFine 1.7.4.jar 2014-05-09 13:46 - 2014-05-09 13:46 - 00811462 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.2_HD_U_D1.jar 2014-05-09 08:14 - 2014-05-14 10:47 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 10:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 19:58 - 2012-11-09 17:55 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA 2014-05-08 19:58 - 2012-11-09 17:55 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core 2014-05-08 12:59 - 2014-05-08 12:50 - 141152949 _____ () C:\Users\Thomas\Downloads\voikol.rar 2014-05-08 09:10 - 2014-05-08 09:10 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse 2014-05-08 09:09 - 2014-05-08 09:08 - 37746736 _____ (Curse) C:\Users\Thomas\Downloads\CurseClientSetup.exe 2014-05-06 19:39 - 2014-05-06 19:39 - 00008902 _____ () C:\Users\Thomas\Downloads\minecrafter.zip 2014-05-06 19:36 - 2014-05-06 19:36 - 00202293 _____ () C:\Users\Thomas\Downloads\survival_horror.zip 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-05-06 06:40 - 2014-05-15 00:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 00:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 00:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 
2014-05-06 05:00 - 2014-05-15 00:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 00:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 15:42 - 2014-05-05 15:42 - 02209528 _____ () C:\VirtualDub-1.10.4-AMD64.zip 2014-05-05 15:41 - 2014-05-05 15:41 - 00613200 _____ (Chip Digital GmbH) C:\Users\Thomas\Downloads\VirtualDub 64 Bit - CHIP-Downloader.exe 2014-05-04 13:52 - 2014-05-04 13:52 - 00000019 _____ () C:\Users\Thomas\Desktop\mc mein haus.txt 2014-05-04 13:52 - 2014-05-04 13:48 - 166667606 _____ () C:\Users\Thomas\Downloads\TrailerVARO2.MP4 2014-05-04 01:01 - 2014-05-04 01:01 - 00018072 _____ () C:\Users\Thomas\Downloads\[kickass.to]prinz.pi.rebell.ohne.grund.de.2011.ysp.torrent 2014-05-03 18:03 - 2014-05-03 18:03 - 02723770 _____ () C:\Users\Thomas\Downloads\forge-1.7.2-10.12.1.1060-installer.jar 2014-05-03 18:02 - 2014-05-03 18:02 - 00814735 _____ () C:\Users\Thomas\Downloads\OptiFine_1.7.9_HD_U_D2.jar 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList 2014-05-03 13:31 - 2014-05-03 13:31 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype 2014-05-02 22:57 - 2014-05-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-02 22:57 - 2012-10-01 19:15 - 00000000 ____D () C:\ProgramData\Skype 2014-05-02 21:04 - 2014-05-02 21:04 - 00003398 _____ () C:\Windows\System32\Tasks\{13A7F5EA-CEE8-4E1C-A269-E6A21785CD33} 2014-05-02 12:47 - 2014-05-02 12:47 - 02347187 _____ () C:\Users\Thomas\Downloads\mcpatcher-4.3.2_02.exe 2014-05-02 12:39 - 2014-05-02 12:37 - 10211806 _____ () C:\Users\Thomas\Downloads\willpack3.zip 2014-05-02 12:01 - 2012-05-06 12:39 - 00000000 ____D () C:\Users\Thomas\Desktop\.minecraft 
2014-05-02 11:44 - 2014-05-02 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-30 06:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-26 11:22 - 2014-04-18 15:58 - 00000000 ____D () C:\Users\Thomas\Desktop\IWBT8b 2014-04-20 19:10 - 2013-01-31 17:14 - 00000000 ____D () C:\Program Files (x86)\LOLReplay Some content of TEMP: ==================== C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-14 10:47] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 00:48 ==================== End Of Log ============================
So, the PC is definitely running a bit better. Thanks so far, and good to know that I had harmful data on my PC, thanks for that too... Regards |
20.05.2014, 12:20 | #10 |
/// the machine /// TB-Ausbilder | widevinecdmadapter.dll dangerous? Update Java and Flash. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |