Log analysis and evaluation: Adware and Trojans found (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.06.2014, 18:50 | #1
Adware and Trojans found

Hello dear helpers! This morning I opened a kind of automatic downloader (as an .exe), roughly like the Softonic Downloader. And lo and behold, Avast raised the alarm right away. In the meantime I have run several scans, all of which I will of course paste in. To be on the safe side I am now turning to the experts. I hope you can help me, and thanks in advance.

PS: The GMER log is unfortunately too large, so I had to attach it.

Malwarebytes Log 1:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.06.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16899
Julian :: JULIAN-TOWER [Administrator]

08.06.2014 10:30:25
mbam-log-2014-06-08 (10-30-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185605
Laufzeit: 12 Minute(n), 54 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.SProtector) -> Bösartig: (c:\progra~2\so_booster\assistant.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\SO_BOOSTER\ASSISTANT.DLL (Trojan.SProtector) -> Löschen bei Neustart.
C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O87PESL9\tpq[1].exe (Trojan.SProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.06.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16899
Julian :: JULIAN-TOWER [Administrator]

08.06.2014 17:12:10
mbam-log-2014-06-08 (17-12-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 651127
Laufzeit: 44 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} (PUP.Optional.YoutubeAdblocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} (PUP.Optional.SaveOn.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\YOUTUBEADBLOCKER (PUP.Optional.Multiplug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\YOUTUBEADBLOCKER (PUP.Optional.YoutubeAdblocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\sAve on (PUP.Optional.SaveOn.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\sAve on (PUP.Optional.SaveOn.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RTWOOA2.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RV067Q5.exe (PUP.Optional.InstalleRex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RY3XTPG.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RYGE5FK.exe (PUP.Optional.InstalleRex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\putfu.exe (Trojan.SProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\YOUTUBEADBLOCKER\n8qM.dat (PUP.Optional.YoutubeAdblocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\YOUTUBEADBLOCKER\n8qM.exe (PUP.Optional.YoutubeAdblocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\sAve on\_oNttCZ.dat (PUP.Optional.SaveOn.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\sAve on\_oNttCZ.exe (PUP.Optional.SaveOn.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Julian on 08.06.2014 at 17:59:59,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\5w8wfjzb.default\extensions\staged

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2014 at 18:05:12,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v3.212 - Bericht erstellt am 08/06/2014 um 18:08:21
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Julian - JULIAN-TOWER
# Gestartet von : E:\Bibliotheken\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : E:\Temp\OCS
Ordner Gelöscht : E:\Bibliotheken\Eigene Dokumente\Updater
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Julian\AppData\Local\torch
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicdimlijokjajgjhljmoopidlfpega
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicdimlijokjajgjhljmoopidlfpega
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicdimlijokjajgjhljmoopidlfpega
Datei Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SO_Booster\Assistant_x64.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16866

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : mpicdimlijokjajgjhljmoopidlfpega

*************************

AdwCleaner[R0].txt - [2941 octets] - [08/06/2014 18:06:41]
AdwCleaner[S0].txt - [2659 octets] - [08/06/2014 18:08:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2719 octets] ##########

Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=b23de8fd9fbb9d4a89d7abc23b1e33b2 # engine=18618 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-08 05:00:23 # local_time=2014-06-08 07:00:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 95 179764 4913341 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 9678031 153876673 0 0 # scanned=372179 # found=24 # cleaned=23 # scan_time=2591 sh=A506AEDE7D055BAA580C7657DBAFD498EF0B2E58 ft=1 fh=c71c00117d7abedf vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\Users\All Users\saeve on\7Vbu.exe" sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="Variante von Win64/SProtector.B evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SO_Booster\Assistant_x64.dll" sh=A506AEDE7D055BAA580C7657DBAFD498EF0B2E58 ft=1 fh=c71c00117d7abedf vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\saeve on\7Vbu.exe" sh=B536B243BF2505591085E1260499AFF185CDACF3 ft=1 fh=c1077981e18b048a vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJH1FB3L\0qy[1].exe" sh=CFBAFC56E471A428C5A6EE11FCE840D503EA6A96 ft=1 fh=717ddc5224904c1a vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJH1FB3L\a6uHtcQIr[1].exe" sh=DF42C774F3A5F5830FA2953B4AD7A0E36BB6A6A6 ft=1 fh=076084b86cf21e8e vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJH1FB3L\hySOKK[1].exe" sh=BD509D432DEC2FFB6C89A38BA6D231F115A861B0 ft=1 fh=9ad63296dd7c0ba5 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHULCHI\hvaOX9UWdE[1].exe" sh=CF2CB720A2111BCBC5CD538AAC725F14B1287793 ft=1 fh=1c9e34036cf21e8e vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHULCHI\jkuyizEC[1].exe" sh=F2CF9EC23BE7CDE50C81236686F27CAF7A7ABBFB ft=1 fh=fc58eda676f74db2 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGHULCHI\PtA[1].exe" sh=73E808556441BE2C942E04ED59D7C948A1727DE7 ft=1 fh=5919c5d47802f4a1 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHBGPKXF\5J0V70jl6[1].exe" sh=A4F47FAA664CF6105423CDA2EC157E313CF9981D ft=1 fh=3f0bb755086f0afc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$R3DVUPE.exe" sh=A506AEDE7D055BAA580C7657DBAFD498EF0B2E58 ft=1 fh=c71c00117d7abedf vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$R4B0KU4.exe" sh=43D57BDE0C64D2E84D5D5DF9DF617A8B72E98D57 ft=1 fh=0eccfd74402c2aeb vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RI0ZTR7.exe" sh=023EE2E0F411FDC5DFE7F293B42D343C28BAC036 ft=1 fh=b273f1aed13f1c45 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2500361306-1845089342-944013071-1000\$RRVAE8E.exe" sh=D1B61B4EA226B5D7E2FEABF19BFDA910B1EB7891 ft=1 fh=cff9541698dc6b75 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-3413759110-2494804983-1338550210-1000\$RDOX532.exe" sh=8B13D68EEEE3E3BE94D961E03A57353245DF2FDD ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Custom.dll" sh=F2CF9EC23BE7CDE50C81236686F27CAF7A7ABBFB ft=1 fh=fc58eda676f74db2 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\extIE_setup.exe" sh=73E808556441BE2C942E04ED59D7C948A1727DE7 ft=1 fh=5919c5d47802f4a1 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\setupbc.exe" sh=CFBAFC56E471A428C5A6EE11FCE840D503EA6A96 ft=1 fh=717ddc5224904c1a vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\setupespl.exe" sh=DF42C774F3A5F5830FA2953B4AD7A0E36BB6A6A6 ft=1 fh=076084b86cf21e8e vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\setuplh.exe" sh=B536B243BF2505591085E1260499AFF185CDACF3 ft=1 fh=c1077981e18b048a vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{443D2F79-2868-45F3-A718-604A9FDE0D8F}\Addons\setupytb.exe" sh=8B13D68EEEE3E3BE94D961E03A57353245DF2FDD ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Temp\{AAA153FA-DBA3-4F7B-AD90-93817142710C}\Custom.dll" sh=BD509D432DEC2FFB6C89A38BA6D231F115A861B0 ft=1 fh=9ad63296dd7c0ba5 vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{AAA153FA-DBA3-4F7B-AD90-93817142710C}\Addons\setupespl.exe" sh=CF2CB720A2111BCBC5CD538AAC725F14B1287793 ft=1 fh=1c9e34036cf21e8e vn="Variante von Win32/AdWare.MultiPlug.Z Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Temp\{AAA153FA-DBA3-4F7B-AD90-93817142710C}\Addons\setuplh.exe" Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 08/06/2014 (Julian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014 Ran by Julian (administrator) on JULIAN-TOWER on 08-06-2014 19:17:24 Running from E:\Bibliotheken\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\system\HsMgr64.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung Electronics.) 
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation) HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2014-04-30] (Broadcom Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2013-10-25] (ROCCAT GmbH) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2500361306-1845089342-944013071-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-2500361306-1845089342-944013071-1000\...\MountPoints2: {367c1d4a-9723-11e3-8ee8-806e6f6e6963} - E:\Bin\ASSETUP.exe HKU\S-1-5-21-2500361306-1845089342-944013071-1000\...\MountPoints2: {ffafa69c-dd15-11e3-8ef8-ac220b4ccf73} - F:\autorun.exe Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/l/3279204031 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5419F5C0322BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 192.168.128.1 speedport.ip Tcpip\..\Interfaces\{23DAF6CB-DDBA-4B24-B2C3-76A7AAE2D1A9}: [NameServer]8.8.8.8,4.4.4.4 FireFox: ======== FF ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: 
@videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HTTPS-Everywhere - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\https-everywhere@eff.org [2014-04-15] FF Extension: ProxTube - Unblock YouTube - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\ich@maltegoetz.de [2014-02-16] FF Extension: WOT - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-16] FF Extension: Youtube Video Replay - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076} [2014-02-16] FF Extension: NoScript - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-16] FF Extension: Adblock Plus - 
C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-16]
FF Extension: YoutubeAdblocker - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\a_xgiil@eokir-ml.edu [2014-06-08]
FF Extension: seaVe on - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\irlia5v@altvx-jeei.edu [2014-06-08]
FF Extension: sAve on - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\wdj_z@eadqrm-.net [2014-06-08]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-24] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-30] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-03] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2014-04-30] (Broadcom Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-02-27] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
S3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1106944 2006-01-17] (Broadcom Corporation.)
R3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-16] (Disc Soft Ltd)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\SysWOW64\drivers\MSKSSRV.sys [6640 1999-09-25] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\SysWOW64\drivers\MSPCLOCK.sys [5008 1999-09-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 cpuz136; \??\E:\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\E:\Temp\GPUZ.sys [X]
S3 iscFlash; \??\E:\Temp\7zS2FB6.tmp\iscflashx64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 19:17 - 2014-06-08 19:17 - 00000000 ____D () C:\FRST
2014-06-08 19:15 - 2014-06-08 19:15 - 00000168 _____ () C:\Users\Julian\defogger_reenable
2014-06-08 18:10 - 2014-06-08 18:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-08 18:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-08 18:05 - 2014-06-08 18:05 - 00000841 _____ () C:\Users\Julian\Desktop\JRT.txt
2014-06-08 10:02 - 2014-06-08 18:59 - 00000000 ____D () C:\Program Files (x86)\SO_Booster
2014-06-08 10:01 - 2014-06-08 18:59 - 00000000 ____D () C:\ProgramData\saeve on
2014-06-08 10:01 - 2014-06-08 10:01 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-08 10:01 - 2014-06-08 10:01 - 00000000 ____D () C:\Program Files (x86)\saeve on
2014-06-08 10:00 - 2014-06-08 10:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-08 10:00 - 2014-06-08 10:02 - 00000000 ____D () C:\ProgramData\19fbea0fda5a47e8
2014-06-08 10:00 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\Gast
2014-06-08 10:00 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\Administrator
2014-06-03 12:31 - 2014-06-03 12:31 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-03 12:27 - 2014-06-03 12:27 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-03 10:40 - 2014-06-03 10:40 - 00000700 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-03 10:40 - 2014-06-03 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-02 17:47 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-02 17:47 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-31 12:09 - 2014-06-08 15:14 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-31 00:21 - 2014-05-31 00:21 - 00001388 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-31 00:21 - 2014-05-31 00:21 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-31 00:21 - 2014-05-31 00:21 - 00000000 ____D () C:\Windows\de
2014-05-31 00:21 - 2014-05-31 00:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 00:19 - 2014-05-31 00:19 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-30 23:56 - 2014-05-31 00:43 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TrueCrypt
2014-05-30 23:55 - 2014-05-31 21:03 - 00000919 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-05-30 23:55 - 2014-05-30 23:55 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-05-30 23:55 - 2014-05-30 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-05-30 23:55 - 2014-05-30 23:55 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-05-30 23:12 - 2014-05-30 23:12 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TeamViewer
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-29 19:20 - 2014-05-30 20:30 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\tor
2014-05-29 19:19 - 2014-05-29 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2014-05-29 19:18 - 2014-05-29 19:20 - 00000000 ____D () C:\Tor Browser
2014-05-29 19:00 - 2014-05-29 19:00 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-05-29 17:02 - 2014-05-29 17:02 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-05-29 12:34 - 2014-05-29 12:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-29 12:26 - 2014-05-29 12:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-29 12:22 - 2014-05-29 12:22 - 00000000 ____D () C:\Users\Julian\.android
2014-05-29 12:20 - 2014-05-29 12:39 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\MyPhoneExplorer
2014-05-29 12:20 - 2014-05-29 12:20 - 00002069 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-05-29 12:20 - 2014-05-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-05-29 12:20 - 2014-05-29 12:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-05-28 16:51 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-28 16:49 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 16:49 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-28 16:49 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-28 16:37 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-28 16:37 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-18 22:24 - 2014-06-03 10:39 - 00035681 _____ () C:\Windows\DirectX.log
2014-05-18 19:37 - 2014-05-18 19:37 - 00002049 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-05-18 19:37 - 2014-05-18 19:37 - 00002030 _____ () C:\Users\Public\Desktop\Tribes Ascend.lnk
2014-05-18 19:37 - 2014-05-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-05-16 22:52 - 2014-05-16 22:52 - 00000000 ____D () C:\Windows\Sun
2014-05-16 19:15 - 2014-05-16 19:24 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
2014-05-16 19:15 - 2014-05-16 19:15 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-16 19:15 - 2014-05-16 19:15 - 00001958 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-16 19:14 - 2014-05-16 19:16 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-16 19:09 - 2014-05-16 19:09 - 00001287 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
2014-05-16 19:09 - 2014-05-16 19:09 - 00001287 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
2014-05-16 19:09 - 2014-05-16 19:09 - 00001172 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
2014-05-16 19:04 - 2014-05-16 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-15 15:53 - 2014-05-15 15:53 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 13:40 - 2014-05-15 13:54 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-05-15 13:40 - 2014-05-15 13:41 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\WindSolutions
2014-05-14 16:40 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:40 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 16:40 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 16:40 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:40 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:40 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 13:50 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 13:50 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 13:50 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 13:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 13:49 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 13:49 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 13:49 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 13:49 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 13:49 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 13:49 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 13:49 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 13:49 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 13:49 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 13:49 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 13:49 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 13:49 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 13:49 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 13:49 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 13:49 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 13:49 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 13:49 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 13:49 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 13:49 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 21:58 - 2014-05-12 21:58 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-12 21:58 - 2014-05-12 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-12 21:58 - 2014-05-12 21:58 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-12 21:16 - 2014-05-12 21:16 - 00000000 ____D () C:\Users\Julian\PietSmiet Soundpack
2014-05-10 20:04 - 2014-05-10 20:04 - 00000000 ____D () C:\Windows\USB Vibration
2014-05-10 20:04 - 2014-05-10 20:04 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2014-05-10 19:58 - 2014-05-10 19:58 - 00001987 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-05-10 19:58 - 2014-05-10 19:58 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1

==================== One Month Modified Files and Folders =======

2014-06-08 19:17 - 2014-06-08 19:17 - 00000000 ____D () C:\FRST
2014-06-08 19:17 - 2014-02-16 21:24 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\NetSpeedMonitor
2014-06-08 19:15 - 2014-06-08 19:15 - 00000168 _____ () C:\Users\Julian\defogger_reenable
2014-06-08 19:15 - 2014-02-16 18:03 - 00000000 ____D () C:\Users\Julian
2014-06-08 18:59 - 2014-06-08 10:02 - 00000000 ____D () C:\Program Files (x86)\SO_Booster
2014-06-08 18:59 - 2014-06-08 10:01 - 00000000 ____D () C:\ProgramData\saeve on
2014-06-08 18:40 - 2014-04-15 15:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 18:26 - 2014-02-17 21:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 18:16 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 18:16 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 18:15 - 2011-04-12 09:43 - 00793436 _____ () C:\Windows\system32\perfh007.dat
2014-06-08 18:15 - 2011-04-12 09:43 - 00184188 _____ () C:\Windows\system32\perfc007.dat
2014-06-08 18:15 - 2009-07-14 07:13 - 01859986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 18:12 - 2014-02-16 18:03 - 01470640 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-08 18:10 - 2014-06-08 18:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-08 18:09 - 2014-05-01 14:54 - 00016976 _____ () C:\Windows\PFRO.log
2014-06-08 18:09 - 2014-04-30 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-08 18:09 - 2014-04-23 12:18 - 00055746 _____ () C:\Windows\setupact.log
2014-06-08 18:09 - 2014-02-17 21:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 18:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 18:05 - 2014-06-08 18:05 - 00000841 _____ () C:\Users\Julian\Desktop\JRT.txt
2014-06-08 17:18 - 2014-02-16 18:53 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TS3Client
2014-06-08 15:14 - 2014-05-31 12:09 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-08 15:14 - 2014-03-28 20:09 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-08 15:14 - 2014-03-28 20:09 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-08 15:11 - 2014-02-28 16:59 - 00000000 ____D () C:\ProgramData\Origin
2014-06-08 15:10 - 2014-02-28 16:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-08 14:07 - 2014-02-17 21:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-08 10:03 - 2014-06-08 10:00 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-08 10:02 - 2014-06-08 10:00 - 00000000 ____D () C:\ProgramData\19fbea0fda5a47e8
2014-06-08 10:01 - 2014-06-08 10:01 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-08 10:01 - 2014-06-08 10:01 - 00000000 ____D () C:\Program Files (x86)\saeve on
2014-06-08 10:01 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-08 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-08 10:00 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\Gast
2014-06-08 10:00 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\Administrator
2014-06-08 10:00 - 2014-04-29 21:31 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CDC436CC-F299-4835-B412-38772E2543AD}
2014-06-06 23:17 - 2014-02-16 21:33 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Skype
2014-06-06 20:57 - 2014-02-16 21:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-06 20:57 - 2014-02-16 21:33 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 20:53 - 2014-02-22 22:23 - 00000000 ____D () C:\Program Files\OBS
2014-06-05 20:22 - 2014-02-16 18:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-03 12:36 - 2014-03-28 20:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-03 12:31 - 2014-06-03 12:31 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-03 12:27 - 2014-06-03 12:27 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-03 12:27 - 2014-02-28 16:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-03 10:40 - 2014-06-03 10:40 - 00000700 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-03 10:40 - 2014-06-03 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-03 10:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-03 10:39 - 2014-05-18 22:24 - 00035681 _____ () C:\Windows\DirectX.log
2014-06-02 17:47 - 2014-02-16 18:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-02 17:42 - 2014-02-28 16:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 17:40 - 2014-02-28 16:59 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin
2014-05-31 21:03 - 2014-05-30 23:55 - 00000919 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-05-31 00:43 - 2014-05-30 23:56 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TrueCrypt
2014-05-31 00:35 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\.technic
2014-05-31 00:21 - 2014-05-31 00:21 - 00001388 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-31 00:21 - 2014-05-31 00:21 - 00001315 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-31 00:21 - 2014-05-31 00:21 - 00000000 ____D () C:\Windows\de
2014-05-31 00:21 - 2014-05-31 00:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 00:21 - 2014-02-28 10:54 - 00001494 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-31 00:19 - 2014-05-31 00:19 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-31 00:19 - 2014-02-28 10:54 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-30 23:55 - 2014-05-30 23:55 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-05-30 23:55 - 2014-05-30 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-05-30 23:55 - 2014-05-30 23:55 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-05-30 23:12 - 2014-05-30 23:12 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TeamViewer
2014-05-30 21:13 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\.minecraft
2014-05-30 20:30 - 2014-05-29 19:20 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\tor
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-30 01:07 - 2014-06-02 17:47 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 17:47 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2014-02-16 18:25 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2014-02-16 18:25 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-29 21:16 - 2014-02-17 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-05-29 19:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-29 19:20 - 2014-05-29 19:18 - 00000000 ____D () C:\Tor Browser
2014-05-29 19:19 - 2014-05-29 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2014-05-29 19:00 - 2014-05-29 19:00 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-05-29 17:02 - 2014-05-29 17:02 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-05-29 12:39 - 2014-05-29 12:20 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\MyPhoneExplorer
2014-05-29 12:34 - 2014-05-29 12:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-29 12:34 - 2014-05-08 21:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-29 12:26 - 2014-05-29 12:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-29 12:22 - 2014-05-29 12:22 - 00000000 ____D () C:\Users\Julian\.android
2014-05-29 12:20 - 2014-05-29 12:20 - 00002069 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-05-29 12:20 - 2014-05-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-05-29 12:20 - 2014-05-29 12:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-05-28 20:32 - 2014-04-15 15:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-28 20:32 - 2014-04-15 15:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-28 20:32 - 2014-04-15 15:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-28 16:51 - 2014-02-16 18:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-20 04:44 - 2014-05-28 16:49 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-28 16:49 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-28 16:49 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2014-04-30 14:24 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2014-04-30 14:24 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-04-30 14:24 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-04-30 14:24 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-04-30 14:24 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-04-30 14:24 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-04-30 14:24 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-28 16:51 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-18 19:37 - 2014-05-18 19:37 - 00002049 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-05-18 19:37 - 2014-05-18 19:37 - 00002030 _____ () C:\Users\Public\Desktop\Tribes Ascend.lnk
2014-05-18 19:37 - 2014-05-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-05-18 19:37 - 2014-02-16 19:15 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-05-18 19:37 - 2014-02-16 19:15 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-05-18 19:37 - 2014-02-16 18:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-16 22:52 - 2014-05-16 22:52 - 00000000 ____D () C:\Windows\Sun
2014-05-16 19:24 - 2014-05-16 19:15 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
2014-05-16 19:16 - 2014-05-16 19:14 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-16 19:15 - 2014-05-16 19:15 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-16 19:15 - 2014-05-16 19:15 - 00001958 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-05-16 19:15 - 2014-05-16 19:15 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-16 19:09 - 2014-05-16 19:09 - 00001287 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
2014-05-16 19:09 - 2014-05-16 19:09 - 00001287 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
2014-05-16 19:09 - 2014-05-16 19:09 - 00001172 _____ () C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
2014-05-16 19:04 - 2014-05-16 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-16 14:19 - 2014-02-22 22:09 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\vlc
2014-05-16 14:10 - 2014-04-16 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 14:07 - 2014-02-16 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 17:29 - 2009-07-14 06:45 - 00308096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 15:53 - 2014-05-15 15:53 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 15:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 13:54 - 2014-05-15 13:40 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-05-15 13:41 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\WindSolutions
2014-05-15 13:37 - 2014-02-24 23:30 - 00000600 _____ () C:\Users\Julian\AppData\Roaming\winscp.rnd
2014-05-15 13:33 - 2014-04-12 22:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:33 - 2014-04-12 22:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 13:33 - 2014-04-12 22:11 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 01:49 - 2014-04-30 14:24 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 21:32 - 2014-02-16 18:04 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 21:32 - 2014-02-16 18:04 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 21:31 - 2014-04-25 00:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 16:40 - 2014-02-16 20:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:39 - 2014-02-16 20:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 22:47 - 2014-05-01 13:21 - 00002016 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-12 22:47 - 2014-04-22 22:13 - 00000868 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-12 22:42 - 2014-03-16 19:42 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Audacity
2014-05-12 21:58 - 2014-05-12 21:58 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-12 21:58 - 2014-05-12 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-12 21:58 - 2014-05-12 21:58 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-12 21:16 - 2014-05-12 21:16 - 00000000 ____D () C:\Users\Julian\PietSmiet Soundpack
2014-05-10 21:53 - 2014-04-12 22:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast!
Emergency Update 2014-05-10 20:37 - 2014-02-16 21:58 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-10 20:04 - 2014-05-10 20:04 - 00000000 ____D () C:\Windows\USB Vibration 2014-05-10 20:04 - 2014-05-10 20:04 - 00000000 ____D () C:\Program Files (x86)\USB Vibration 2014-05-10 19:58 - 2014-05-10 19:58 - 00001987 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk 2014-05-10 19:58 - 2014-05-10 19:58 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1 2014-05-10 19:58 - 2014-04-07 12:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-10 19:58 - 2014-02-16 19:19 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-05-09 23:21 - 2014-02-17 21:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 23:21 - 2014-02-17 21:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-14 13:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 13:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-08 10:23 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Julian at 2014-06-08 19:17:37
Running from E:\Bibliotheken\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CrystalDiskInfo 6.1.8 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.8 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
diclovit's mod pack 1.11.0 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.11.0 - diclovit)
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King (HKLM-x32\...\King) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version: - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
ROCCAT Kone Pure Optical Mouse Driver (HKLM-x32\...\{22D40E66-0D41-45A3-A8A1-90B8A38D9A68}) (Version: - Roccat GmbH)
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
SHOUTcast DSP plugin V2 (HKLM-x32\...\SHOUTcast) (Version: - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Takedown: Red Sabre (HKLM-x32\...\Steam App 236510) (Version: - Serellan LLC)
Tango (HKCU\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tor 0.2.4.22 (HKLM-x32\...\Tor) (Version: - )
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Twin USB Vibration Gamepad (HKLM-x32\...\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}) (Version: 2006.7.18 - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version: - )
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welt der Wunder - Eine Stadt spielt verrueckt (HKLM-x32\...\{E808CBBF-4E67-4C59-855D-29BE9A87126D}) (Version: 1.00.0000 - Terzio Verlag)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-19 13:30 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.128.1 speedport.ip

==================== Scheduled Tasks (whitelisted) =============

Task: {3EF298BE-D35D-4EE8-9CF0-183DE32CFB02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4F192D83-F9F7-4DC9-9468-F6576D04A136} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61689C82-F29D-4336-8A39-86EA115634C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7214BA3D-E9D4-4E9B-BAB7-430360C0A81F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-28] (Adobe Systems Incorporated)
Task: {75AB4D90-210A-49E6-A489-CE34C94FF842} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {AFF13E70-10EE-40B1-BDBE-29F1BAB25DFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {BD467263-D980-4B0D-8D4B-7A50316EE0A0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CA03070E-222F-4807-9D74-EF41B333E8B2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: {CCD22341-4776-414D-8C16-0AA285BA5C17} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2500361306-1845089342-944013071-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-30 14:24 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-28 20:09 - 2014-06-03 12:36 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-02-16 18:23 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-02-16 18:23 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2014-02-16 18:15 - 2012-05-10 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-08 09:57 - 2014-06-08 09:57 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060800\algo.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 17:11 - 2012-06-06 10:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2014-05-08 21:41 - 2013-11-28 12:14 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-05-08 21:42 - 2013-11-28 18:59 - 00098816 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-05-08 21:42 - 2013-11-28 18:59 - 00034304 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-05-08 21:42 - 2013-11-28 18:59 - 00032768 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-05-08 21:42 - 2013-11-28 19:00 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-05-08 21:42 - 2013-11-28 18:59 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2014-02-22 13:03 - 2012-10-01 19:53 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\hiddriver.dll
2014-04-12 22:11 - 2014-04-12 22:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-16 20:27 - 2014-02-16 20:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2014-02-16 18:12 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-16 18:11 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-28 17:28 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-28 17:28 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-28 17:28 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-28 17:28 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-28 17:28 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Vidalia => "C:\Tor Browser\Vidalia Bridge Bundle\Vidalia\vidalia.exe"

==================== Faulty Device Manager Devices =============

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 07:08:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/08/2014 06:10:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/08/2014 06:10:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/08/2014 06:10:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/08/2014 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/08/2014 06:11:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (06/08/2014 07:08:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/08/2014 06:10:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Bibliotheken\Desktop\esetsmartinstaller_deu.exe

Error: (06/08/2014 06:10:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Bibliotheken\Desktop\esetsmartinstaller_deu.exe

Error: (06/08/2014 06:10:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Bibliotheken\Desktop\esetsmartinstaller_deu.exe

Error: (06/08/2014 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-04-27 18:21:43.482
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\btkrnl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-27 18:21:43.450
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\btkrnl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 8069.95 MB
Available physical RAM: 4774.9 MB
Total Pagefile: 16138.07 MB
Available Pagefile: 12717.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:48.98 GB) NTFS
Drive d: (Samsung SSD) (Fixed) (Total:232.88 GB) (Free:147.5 GB) NTFS
Drive e: (Daten) (Fixed) (Total:931.51 GB) (Free:517.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (SHOK_GOLD) (CDROM) (Total:3.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F9582584)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: D758683C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CBA02A7C)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
08.06.2014, 22:46 | #2 |
Small update: I have since run a few more programs; the logs are of course included again. Avast found nothing in the full scan.
I noticed that in Google Chrome I always have the extension "sAve on" version 2.14 installed. When I delete it and then restart Chrome, it is back again. Earlier I clicked a link on a trustworthy site and was redirected to a strange page. Malwarebytes Anti-Rootkit: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16899
Julian :: JULIAN-TOWER [administrator]

08.06.2014 22:52:20
mbar-log-2014-06-08 (22-52-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 325329
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : JULIAN-TOWER
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Julian-Tower\Julian
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-06-08 23:37:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 53s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 16

   Objects scanned . . . : 1.508.552
   Files scanned . . . . : 71.268
   Remnants scanned . . : 518.193 files / 919.091 keys


Suspicious files ____________________________________________________________

C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
   Size . . . . . . . : 963.480 bytes
   Age . . . . . . . : 5.5 days (2014-06-03 12:36:16)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 24.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      Program is code signed with a valid Authenticode certificate.
   Forensic Cluster
      -0.2s C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\htm\wc002331.htm
       0.0s C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll

C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
   Size . . . . . . . : 963.480 bytes
   Age . . . . . . . : 0.3 days (2014-06-08 15:14:21)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 24.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      Program is code signed with a valid Authenticode certificate.
C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
   Size . . . . . . . : 963.480 bytes
   Age . . . . . . . : 5.5 days (2014-06-03 12:31:59)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 24.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      Program is code signed with a valid Authenticode certificate.

C:\Users\Julian\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
   Size . . . . . . . : 139.032 bytes
   Age . . . . . . . : 5.5 days (2014-06-03 12:32:10)
   Entropy . . . . . : 7.8
   SHA-256 . . . . . : 0CA9D48C9E3D938121A73EBE6EA3FBE19A9AE017EEDA066A22CF254A688A98C2
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 24.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Program is code signed with a valid Authenticode certificate.

C:\Users\Julian\AppData\Local\PunkBuster\GRO\pb\pbcl.dll
   Size . . . . . . . : 972.392 bytes
   Age . . . . . . . : 8.5 days (2014-05-31 12:09:43)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : FE6B05F0710C2B7A9563E762362D75402739081169F8812F1B2BA25B7EF09D1B
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 23.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      Program is code signed with a valid Authenticode certificate.

C:\Users\Julian\AppData\Local\PunkBuster\GRO\pb\PnkBstrK.sys
   Size . . . . . . . : 139.016 bytes
   Age . . . . . . . : 8.5 days (2014-05-31 12:09:53)
   Entropy . . . . . : 7.8
   SHA-256 . . . . . : 2255D5567582FC2038925CA2A47BAB1B2CF81456C83704DED218D7361BCEF95F
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 23.0
      The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Program contains PE structure anomalies. This is not typical for most programs.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Program is code signed with a valid Authenticode certificate.


Cookies _____________________________________________________________________

C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\1LX0Q00Y.txt
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\51SFEHW6.txt
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\M1T008NA.txt
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\R4PJIRQH.txt
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\UMINYMEI.txt
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\UTIWEJ1F.txt
C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\cookies.sqlite:doubleclick.net
C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5w8wfjzb.default\cookies.sqlite:www.googleadservices.com
10.06.2014, 13:53 | #3 |
Adware and trojans found: Does nobody know anything? Normally I am used to getting a quick answer on trojaner-board.
07.09.2014, 14:44 | #4 |
Administrator /// technical service | Adware and trojans found: Hello, unfortunately your topic was overlooked (for technical reasons). Since there were already several replies in your topic, it was mistakenly classified as 'already being handled'. We apologise for this. We try to answer every person seeking help within a short time and to offer solutions for the problem. If necessary, please create a new topic so that a team member can take care of your problem. For all those seeking help! What do I need to consider before opening a topic? Thank you for your understanding.