![]() |
Plagegeister aller Art und deren Bekämpfung: Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBinWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin Hallo, nachdem mein Rechner heute beim Hochfahren und auch später noch etwas rumgemuckt hat (zwar selten, aber kommt schon mal vor), habe ich sicherheitshalber mal einen Komplettscan mit Avast und Malwarebytes gemacht. MBAM findet nichts: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.06.2014 Suchlauf-Zeit: 10:08:19 Logdatei: mbam2606.txt Administrator: Ja Version: Malware Datenbank: v2014.06.26.02 Rootkit Datenbank: v2014.06.23.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Thomas Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 304913 Verstrichene Zeit: 24 Min, 45 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter * * avast! Protokolldatei * Diese Protokolldatei wurde automatisch erstellt * * Prüfungsname: Vollständige Überprüfung * Start: Donnerstag, 26. Juni 2014 11:31:27 * VPS: 140625-1, 26.06.2014 * C:\Users\Thomas\SkyDrive:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006) C:\Users\Thomas\SkyDrive\Bilder:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006) C:\Users\Thomas\SkyDrive\Öffentlich:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006) C:\Users\Thomas\SkyDrive\Dokumente:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006) C:\$Recycle.Bin\S-1-5-21-1527760966-2949252006-2613962477-1001\$RV74OQC.exe|>[Embedded_R#6c550] [L] Win32:Dropper-gen [Drp] (0) Infizierte Dateien: 1 Dateien gesamt: 372609 Ordner gesamt: 34546 Gesamtgröße: 124,2 GB * * Prüfung beendet: Donnerstag, 26. Juni 2014 12:15:44 * Laufzeit war 44 Minute(n), 44 Sekunde(n) * Die befallene Datei lässt sich leider gerade auch nicht in die Quarantäne verschieben, Avast meldet dann, der Server sei nicht erreichbar. Ich scanne so einmal die Woche mit Avast und MBAM, bisher immer ohne Fund. Der Guard von Avast hat einmal "Classic Explorer Bar" als schlecht bewertet beanstandet, aber da das zu Classic Shell gehört und das schon seit langem auf meinem Rechner ist, hatte ich das ignoriert. Die weiteren Scans: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014 Ran by Thomas (administrator) on ELMOS_PC on 26-06-2014 12:07:12 Running from C:\Users\Thomas\Desktop Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software) HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] () HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation) HKU\S-1-5-21-1527760966-2949252006-2613962477-1001\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd) HKU\S-1-5-21-1527760966-2949252006-2613962477-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-1527760966-2949252006-2613962477-1001\...\MountPoints2: {1a6fcc9c-37e3-11e3-8250-806e6f6e6963} - "K:\setup.exe" ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC386C2E4A488CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\mbvrg5ki.default FF Homepage: www.spiegel.de FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Bitdefender QuickScan - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\mbvrg5ki.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-11-07] FF Extension: NoScript - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\mbvrg5ki.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-18] FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\mbvrg5ki.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-18] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-18] FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2013-08-18] Chrome: ======= CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-15] CHR Extension: (avast! Online Security) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-18] CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-23] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software) R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 DAUpdaterSvc; E:\Origin\Dragon Age\\bin_ship\daupdatersvc.service.exe [X] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2013-06-26] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2013-06-26] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] () S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] () R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-26 12:07 - 2014-06-26 12:07 - 00012771 _____ () C:\Users\Thomas\Desktop\FRST.txt 2014-06-26 12:07 - 2014-06-26 12:07 - 00000000 ____D () C:\FRST 2014-06-26 12:03 - 2014-06-26 12:03 - 00001148 _____ () C:\Users\Thomas\Desktop\mbam2606.txt 2014-06-26 12:00 - 2014-06-26 12:00 - 02082816 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe 2014-06-26 12:00 - 2014-06-26 12:00 - 00380416 _____ () C:\Users\Thomas\Desktop\3xsw6f1i.exe 2014-06-26 11:37 - 2014-06-26 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-06-26 11:36 - 2014-06-26 11:58 - 00000000 ____D () C:\Users\Thomas\Desktop\mbar 2014-06-26 11:36 - 2014-06-26 11:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar- 2014-06-26 10:46 - 2014-06-26 10:46 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe 2014-06-25 23:56 - 2014-06-25 23:56 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Daedalic Entertainment 2014-06-25 00:50 - 2014-06-25 00:50 - 00000769 _____ () C:\Users\Public\Desktop\The Dark Eye - Chains of Satinav.lnk 2014-06-25 00:50 - 2014-06-25 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dark Eye - Chains of Satinav [GOG.com] 2014-06-25 00:32 - 2014-06-25 00:34 - 211601369 _____ () C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4-4.bin 2014-06-24 23:27 - 2014-06-24 23:27 - 00789168 _____ (GOG.com ) C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4(1).exe 2014-06-24 23:26 - 2014-06-24 23:26 - 00789168 _____ (GOG.com ) C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4.exe 2014-06-23 20:52 - 2014-06-23 20:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\3909 2014-06-22 12:48 - 2014-06-22 12:48 - 03956896 _____ (Miranda IM Project) C:\Users\Thomas\Downloads\miranda-im-v0.10.23-unicode.exe 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kehrmaschinen-Simulator 2011 2014-06-16 13:07 - 2014-06-16 13:07 - 00000000 ____D () C:\Users\Thomas\Documents\Street Cleaning 2014-06-16 13:07 - 2014-06-16 13:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Street Cleaning 2014-06-15 22:05 - 2014-06-15 22:12 - 00000000 ____D () C:\Users\Thomas\Documents\FUSSBALL MANAGER 13 2014-06-15 21:59 - 2014-06-15 21:59 - 00000806 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\ Origins.lnk 2014-06-15 20:06 - 2014-06-15 20:06 - 00000789 _____ () C:\Users\Public\Desktop\Dragon Age Origins.lnk 2014-06-15 20:06 - 2014-06-15 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins 2014-06-15 05:10 - 2014-06-15 05:10 - 26170048 _____ (BioWare) C:\Users\Thomas\Downloads\DAUServiceDiagnostic_beta.exe 2014-06-15 05:10 - 2014-06-15 05:10 - 00007356 _____ () C:\Users\Thomas\Documents\Dragon Age Origins Addins Repair.log 2014-06-15 05:10 - 2014-06-15 05:10 - 00002660 _____ () C:\Users\Thomas\Documents\Dragon Age Origins Service Diagnostic.log 2014-06-15 02:34 - 2014-06-15 02:33 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-06-15 02:33 - 2014-06-15 02:33 - 00000000 ____D () C:\Program Files\Java 2014-06-15 02:27 - 2014-06-15 02:28 - 30984104 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\jre-7u60-windows-x64.exe 2014-06-15 00:46 - 2014-06-15 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13 2014-06-14 02:18 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-06-14 02:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-06-14 02:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-06-14 02:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-06-14 02:17 - 2014-06-14 02:18 - 00004100 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-14 02:16 - 2014-06-14 02:16 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\jxpiinstall.exe 2014-06-13 12:26 - 2014-06-13 12:26 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe 2014-06-11 15:22 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-11 15:22 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-11 15:22 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-11 15:22 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-06-11 15:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-11 15:22 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-11 15:22 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-11 15:22 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-11 15:22 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-11 15:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-11 15:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-11 15:22 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-11 15:22 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-11 15:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-06-11 15:22 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-11 15:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-11 15:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-11 15:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-11 15:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-11 15:22 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-11 15:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-11 15:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-11 15:22 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-11 15:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-11 15:22 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-11 15:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-11 15:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-11 15:22 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-11 15:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-06-11 15:22 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-11 15:22 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-11 15:22 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-06-11 15:22 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-11 15:22 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-11 15:22 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 15:22 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 15:22 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-06-11 15:22 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-06-11 15:22 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-11 15:22 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-11 15:22 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-11 15:22 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-06-11 15:21 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-06-11 15:21 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-06-11 15:21 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-06-11 15:21 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll 2014-06-11 15:21 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-06-11 15:21 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-06-11 15:21 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-06-11 15:21 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-06-11 15:21 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-06-11 15:21 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-06-11 15:21 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-06-11 15:21 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2014-06-11 15:21 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2014-06-11 15:21 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-06-11 15:21 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-06-11 15:21 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-06-11 15:21 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-11 15:21 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2014-06-11 15:21 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2014-06-11 15:21 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-06-11 15:21 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2014-06-11 15:21 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2014-06-11 15:21 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-06-11 15:21 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-06-11 15:21 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2014-06-11 15:21 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-06-11 15:21 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2014-06-11 15:21 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2014-06-11 15:21 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-06-11 15:21 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-06-11 15:21 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2014-06-11 15:21 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-06-11 15:21 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-06-11 15:21 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-06-11 15:21 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-06-11 15:21 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-06-11 15:21 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2014-06-11 15:21 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2014-06-11 15:21 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-06-11 15:21 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2014-06-11 15:21 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2014-06-11 15:21 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-06-11 15:21 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-06-11 15:21 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2014-06-11 15:21 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-06-11 15:21 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-06-11 15:21 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-06-11 15:21 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-06-11 15:21 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-06-11 15:21 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-06-11 15:21 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2014-06-11 15:21 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2014-06-11 15:21 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2014-06-11 15:21 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2014-06-11 15:21 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2014-06-11 15:21 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2014-06-11 15:21 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll 2014-06-11 15:21 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2014-06-11 15:21 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-06-11 15:21 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-11 15:21 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2014-06-11 15:21 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-06-11 15:21 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-06-11 15:21 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll 2014-06-11 15:21 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll 2014-06-11 15:21 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-06-11 15:21 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-06-11 15:21 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2014-06-11 15:21 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2014-06-11 15:21 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2014-06-11 15:21 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2014-06-11 15:21 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-06-11 15:21 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-06-11 15:21 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-06-11 15:21 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-06-11 15:21 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2014-06-11 15:21 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-06-11 15:21 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2014-06-11 15:21 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-06-11 15:21 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2014-06-11 15:21 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-06-11 15:21 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-06-11 15:21 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-06-11 15:21 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-06-11 15:21 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-06-11 15:21 - 2014-03-21 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll 2014-06-11 15:21 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-06-11 15:21 - 2014-03-20 02:51 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2014-06-11 15:21 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-06-11 15:21 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2014-06-11 15:21 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-06-11 15:21 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-06-11 15:21 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-06-11 15:21 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-06-11 15:21 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-06-11 15:21 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-06-11 15:21 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-06-11 15:21 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-06-11 15:21 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-06-11 15:21 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-06-11 15:21 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-06-11 15:21 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-06-11 15:21 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-06-11 15:21 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-06-11 15:21 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-06-11 15:21 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-06-11 15:21 - 2014-03-18 10:18 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb22.sys 2014-06-11 15:21 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2014-06-11 15:21 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2014-06-11 15:21 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-06-11 15:21 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-06-11 15:21 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2014-06-11 15:21 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-06-11 15:21 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2014-06-11 15:21 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2014-06-11 15:21 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2014-06-11 15:21 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-06-11 15:20 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe 2014-06-11 15:20 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2014-06-11 15:20 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe 2014-06-11 15:20 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-06-11 15:20 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2014-06-11 15:20 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-06-11 15:20 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-06-11 15:20 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-06-11 15:20 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2014-06-11 15:20 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2014-06-11 15:20 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2014-06-11 15:20 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2014-06-11 15:18 - 2014-06-11 15:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 11:43 - 2014-06-11 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-05-31 16:35 - 2014-05-31 16:35 - 05096296 _____ (Igor Pavlov) C:\Users\Thomas\Downloads\USBDrivers_231.exe 2014-05-29 16:54 - 2014-05-29 16:54 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 3 2014-05-29 16:53 - 2014-05-29 16:53 - 02247960 _____ () C:\Users\Thomas\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-05-29 16:53 - 2014-05-29 16:53 - 00000000 ____D () C:\Users\Thomas\AppData\Local\ESN 2014-05-29 16:53 - 2014-05-29 16:53 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-05-29 16:51 - 2014-05-29 16:51 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-29 00:29 - 2014-05-29 09:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Origin 2014-05-29 00:29 - 2014-05-29 01:30 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Origin 2014-05-29 00:29 - 2014-05-29 00:29 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-29 00:27 - 2014-06-26 00:39 - 00000000 ____D () C:\ProgramData\Origin 2014-05-29 00:27 - 2014-06-25 22:59 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-29 00:27 - 2014-05-29 00:27 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Thomas\Downloads\OriginThinSetup.exe 2014-05-29 00:27 - 2014-05-29 00:27 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-29 00:27 - 2014-05-29 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin ==================== One Month Modified Files and Folders ======= 2014-06-26 12:07 - 2014-06-26 12:07 - 00012771 _____ () C:\Users\Thomas\Desktop\FRST.txt 2014-06-26 12:07 - 2014-06-26 12:07 - 00000000 ____D () C:\FRST 2014-06-26 12:06 - 2013-09-25 10:45 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5BC5BD7C-E531-4B3F-92CE-F8B8374F6F5E} 2014-06-26 12:03 - 2014-06-26 12:03 - 00001148 _____ () C:\Users\Thomas\Desktop\mbam2606.txt 2014-06-26 12:02 - 2014-04-10 10:14 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-26 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-26 12:00 - 2014-06-26 12:00 - 02082816 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe 2014-06-26 12:00 - 2014-06-26 12:00 - 00380416 _____ () C:\Users\Thomas\Desktop\3xsw6f1i.exe 2014-06-26 11:59 - 2013-10-18 13:08 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\ClassicShell 2014-06-26 11:58 - 2014-06-26 11:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-06-26 11:58 - 2014-06-26 11:36 - 00000000 ____D () C:\Users\Thomas\Desktop\mbar 2014-06-26 11:44 - 2013-06-18 11:28 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-26 11:36 - 2014-06-26 11:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar- 2014-06-26 11:36 - 2014-04-10 10:14 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-26 11:18 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-26 11:18 - 2013-09-30 05:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-26 11:18 - 2013-09-30 05:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-26 11:17 - 2013-06-18 11:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1527760966-2949252006-2613962477-1001 2014-06-26 11:14 - 2013-08-10 15:41 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-26 11:14 - 2013-06-18 11:33 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-26 11:12 - 2013-10-18 13:05 - 00000000 __RDO () C:\Users\Thomas\SkyDrive 2014-06-26 11:12 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-26 11:12 - 2013-06-26 22:19 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-06-26 11:12 - 2013-06-18 11:33 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-26 10:46 - 2014-06-26 10:46 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe 2014-06-26 10:32 - 2013-10-19 11:44 - 00570368 ___SH () C:\Users\Thomas\Desktop\Thumbs.db 2014-06-26 10:03 - 2013-11-07 18:20 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\QuickScan 2014-06-26 09:48 - 2013-10-18 12:54 - 00000000 ____D () C:\Users\Thomas 2014-06-26 09:42 - 2014-04-14 19:27 - 01479227 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-26 09:40 - 2013-08-04 10:05 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-06-26 00:39 - 2014-05-29 00:27 - 00000000 ____D () C:\ProgramData\Origin 2014-06-26 00:39 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-06-25 23:56 - 2014-06-25 23:56 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Daedalic Entertainment 2014-06-25 22:59 - 2014-05-29 00:27 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-25 22:59 - 2014-05-01 12:10 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-06-25 22:48 - 2013-06-18 12:31 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-25 15:22 - 2013-06-18 12:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify 2014-06-25 14:57 - 2013-06-18 12:34 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify 2014-06-25 00:50 - 2014-06-25 00:50 - 00000769 _____ () C:\Users\Public\Desktop\The Dark Eye - Chains of Satinav.lnk 2014-06-25 00:50 - 2014-06-25 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Dark Eye - Chains of Satinav [GOG.com] 2014-06-25 00:34 - 2014-06-25 00:32 - 211601369 _____ () C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4-4.bin 2014-06-24 23:27 - 2014-06-24 23:27 - 00789168 _____ (GOG.com ) C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4(1).exe 2014-06-24 23:26 - 2014-06-24 23:26 - 00789168 _____ (GOG.com ) C:\Users\Thomas\Downloads\setup_the_dark_eye_chains_of_satinav_2.0.0.4.exe 2014-06-24 00:09 - 2013-06-18 11:33 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-24 00:09 - 2013-06-18 11:33 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-23 20:52 - 2014-06-23 20:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\3909 2014-06-23 07:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-22 13:43 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-06-22 12:48 - 2014-06-22 12:48 - 03956896 _____ (Miranda IM Project) C:\Users\Thomas\Downloads\miranda-im-v0.10.23-unicode.exe 2014-06-21 23:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-06-20 15:16 - 2013-06-18 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-19 11:48 - 2014-04-17 15:26 - 00012235 _____ () C:\WINDOWS\setupact.log 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kehrmaschinen-Simulator 2011 2014-06-16 13:07 - 2014-06-16 13:07 - 00000000 ____D () C:\Users\Thomas\Documents\Street Cleaning 2014-06-16 13:07 - 2014-06-16 13:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Street Cleaning 2014-06-15 22:12 - 2014-06-15 22:05 - 00000000 ____D () C:\Users\Thomas\Documents\FUSSBALL MANAGER 13 2014-06-15 21:59 - 2014-06-15 21:59 - 00000806 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\ Origins.lnk 2014-06-15 20:06 - 2014-06-15 20:06 - 00000789 _____ () C:\Users\Public\Desktop\Dragon Age Origins.lnk 2014-06-15 20:06 - 2014-06-15 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins 2014-06-15 20:06 - 2014-05-03 18:02 - 00241401 _____ () C:\WINDOWS\DirectX.log 2014-06-15 05:12 - 2013-09-25 14:48 - 00000000 ____D () C:\ProgramData\BioWare 2014-06-15 05:10 - 2014-06-15 05:10 - 26170048 _____ (BioWare) C:\Users\Thomas\Downloads\DAUServiceDiagnostic_beta.exe 2014-06-15 05:10 - 2014-06-15 05:10 - 00007356 _____ () C:\Users\Thomas\Documents\Dragon Age Origins Addins Repair.log 2014-06-15 05:10 - 2014-06-15 05:10 - 00002660 _____ () C:\Users\Thomas\Documents\Dragon Age Origins Service Diagnostic.log 2014-06-15 03:06 - 2013-07-29 17:43 - 00000000 ____D () C:\Users\Thomas\Documents\BioWare 2014-06-15 02:33 - 2014-06-15 02:34 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-15 02:33 - 2014-06-15 02:33 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-06-15 02:33 - 2014-06-15 02:33 - 00000000 ____D () C:\Program Files\Java 2014-06-15 02:28 - 2014-06-15 02:27 - 30984104 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\jre-7u60-windows-x64.exe 2014-06-15 00:46 - 2014-06-15 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13 2014-06-14 11:03 - 2014-04-26 08:40 - 00000000 ____D () C:\Users\Thomas\Desktop\HGWG 2014-06-14 02:18 - 2014-06-14 02:17 - 00004100 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-14 02:18 - 2014-01-16 16:22 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-14 02:18 - 2013-10-01 07:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-14 02:16 - 2014-06-14 02:16 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\jxpiinstall.exe 2014-06-13 16:36 - 2013-06-18 11:38 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Paint.NET 2014-06-13 12:26 - 2014-06-13 12:26 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe 2014-06-13 00:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-12 04:42 - 2013-08-22 16:44 - 00393104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-06-11 23:58 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-06-11 23:58 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-06-11 23:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-06-11 23:58 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2014-06-11 23:56 - 2013-07-19 02:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-11 23:47 - 2013-06-18 11:50 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-11 22:13 - 2014-06-11 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-11 15:18 - 2014-06-11 15:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 15:17 - 2014-06-11 15:17 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 15:17 - 2014-06-11 15:17 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 10:40 - 2013-06-18 11:28 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-06-04 21:30 - 2014-04-10 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-04 21:30 - 2014-04-10 10:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-04 21:30 - 2013-07-21 21:45 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-31 16:35 - 2014-05-31 16:35 - 05096296 _____ (Igor Pavlov) C:\Users\Thomas\Downloads\USBDrivers_231.exe 2014-05-31 07:13 - 2013-08-22 17:38 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-31 07:13 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-31 01:00 - 2014-05-04 10:31 - 00005300 _____ () C:\WINDOWS\PFRO.log 2014-05-30 12:21 - 2014-06-11 15:22 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-30 11:45 - 2014-06-11 15:22 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-05-30 11:28 - 2014-06-11 15:22 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-05-30 11:20 - 2014-06-11 15:22 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-11 15:22 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-30 11:08 - 2014-06-11 15:22 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-11 15:22 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-05-30 10:46 - 2014-06-11 15:22 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-11 15:22 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-11 15:22 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-05-30 10:38 - 2014-06-11 15:22 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-11 15:22 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-05-30 10:29 - 2014-06-11 15:22 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-05-30 10:27 - 2014-06-11 15:22 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-05-30 10:23 - 2014-06-11 15:22 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-11 15:22 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-05-30 10:04 - 2014-06-11 15:22 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-11 15:22 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-11 15:22 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-11 15:22 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-05-30 09:54 - 2014-06-11 15:22 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-05-30 09:49 - 2014-06-11 15:22 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-11 15:22 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-11 15:22 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-11 15:22 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-11 15:22 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-11 15:22 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-11 15:22 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-11 15:22 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-05-29 22:06 - 2013-09-25 12:08 - 00056380 _____ () C:\Users\Thomas\Documents\Install Dragon Age.log 2014-05-29 21:45 - 2013-09-25 12:49 - 00016198 _____ () C:\Users\Thomas\Documents\DAO Ultimate Addins Updater.log 2014-05-29 16:54 - 2014-05-29 16:54 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 3 2014-05-29 16:53 - 2014-05-29 16:53 - 02247960 _____ () C:\Users\Thomas\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-05-29 16:53 - 2014-05-29 16:53 - 00000000 ____D () C:\Users\Thomas\AppData\Local\ESN 2014-05-29 16:53 - 2014-05-29 16:53 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-05-29 16:51 - 2014-05-29 16:51 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-29 16:36 - 2013-08-24 12:48 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-29 09:52 - 2014-05-29 00:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Origin 2014-05-29 01:30 - 2014-05-29 00:29 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Origin 2014-05-29 00:29 - 2014-05-29 00:29 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-29 00:27 - 2014-05-29 00:27 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Thomas\Downloads\OriginThinSetup.exe 2014-05-29 00:27 - 2014-05-29 00:27 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-29 00:27 - 2014-05-29 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin Some content of TEMP: ==================== C:\Users\Thomas\AppData\Local\Temp\sfamcc00001.dll C:\Users\Thomas\AppData\Local\Temp\sfamcc00002.dll C:\Users\Thomas\AppData\Local\Temp\sfareca00001.dll C:\Users\Thomas\AppData\Local\Temp\sfareca00002.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-25 06:57 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014 Ran by Thomas at 2014-06-26 12:08:38 Running from C:\Users\Thomas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: - Igor Pavlov) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.) AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.) AIDA64 Extreme v4.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.00 - FinalWire Ltd.) AMD Catalyst Install Manager (HKLM\...\{2BFD590F-1D73-3533-E734-FDDAC3746E4A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - ) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Avencast (HKLM-x32\...\Steam App 46410) (Version: - ClockStone Studios) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version: - Cyanide Studios) BookWorm Deluxe (HKLM-x32\...\Steam App 3370) (Version: - PopCap Games, Inc.) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc) CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform) Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version: - Focus Home Interactive) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Cognition: An Erica Reed Thriller (HKLM-x32\...\Steam App 242780) (Version: - Phoenix Online Studios) Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles) Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - ) Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version: - Relic Entertainment) Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version: - Relic Entertainment) Confrontation (HKLM-x32\...\Steam App 204560) (Version: - Cyanide Studios) Dark Sector (HKLM-x32\...\Steam App 29900) (Version: - Digital Extremes) Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) Dear Esther (HKLM-x32\...\Steam App 203810) (Version: - thechineseroom & Robert Briscoe) Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - Larian Studios) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: - Electronic Arts) Dream Pinball 3D (HKLM-x32\...\Steam App 215790) (Version: - ASK Homework) Dungeonland (HKLM-x32\...\Steam App 218130) (Version: - Critical Studio) Earth 2160 (HKLM-x32\...\Steam App 1900) (Version: - Reality Pump Studios) EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version: - EaseUS) EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen) EPSON AL-C1600 (HKLM\...\EPSON AL-C1600) (Version: - ) Escape Rosecliff Island (HKLM-x32\...\Steam App 3600) (Version: - SpinTop Games) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version: - Paradox Development Studio) Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version: - Monolith ) F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version: - Monolith) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Feeding Frenzy 2: Shipwreck Showdown Deluxe (HKLM-x32\...\Steam App 3390) (Version: - PopCap Games, Inc.) FreeDoko 0.7.11 (HKLM-x32\...\FreeDoko) (Version: 0.7.11 - Borg Enders und Diether Knof) FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: - Electronic Arts) Galactic Civilizations I: Ultimate Edition (HKLM-x32\...\Steam App 214150) (Version: - Stardock Entertainment) Game of Thrones (HKLM-x32\...\Steam App 208730) (Version: - Cyanide Studios) Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: - Garmin Ltd or its subsidiaries) Giana Sisters: Twisted Dreams - Rise of the Owlverlord (HKLM-x32\...\Steam App 246960) (Version: - Black Forest Games) Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: - Google) Google Update Helper (x32 Version: - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin) Guardians of Middle-earth (HKLM-x32\...\Steam App 111900) (Version: - Zombie Studios) Gumboy Crazy Features (HKLM-x32\...\Steam App 2525) (Version: - CINEMAX, s.r.o.) Gumboy: Crazy Adventures (HKLM-x32\...\Steam App 2520) (Version: - CINEMAX, s.r.o.) Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version: - Paradox Development Studio) Ihf Handball Challenge 12 (HKLM-x32\...\Steam App 283490) (Version: - Neutron Games) International Snooker (HKLM-x32\...\Steam App 299500) (Version: - Big Head Games) IsoBuster 3.3 (HKLM-x32\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects) Jagged Alliance 2 - Wildfire (HKLM-x32\...\Steam App 215930) (Version: - I-deal Games) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: - Oracle, Inc.) Hidden Kehrmaschinen-Simulator 2011 (HKLM-x32\...\Kehrmaschinen-Simulator 2011_is1) (Version: - astragon) King Arthur - Fallen Champions (HKLM-x32\...\Steam App 24460) (Version: - NEOCORE GAMES) King Arthur: Collection (HKLM-x32\...\Steam App 24470) (Version: - NeoCoreGames) L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - Almost Human Games) Leviathan: Warships (HKLM-x32\...\Steam App 202270) (Version: - Pieces Interactive) LibreOffice (HKLM-x32\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: - The Document Foundation) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Making History: The Calm & The Storm (HKLM-x32\...\Steam App 6250) (Version: - Muzzy Lane) Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version: - Electronic Arts) Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version: - The Creative Assembly) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Miranda IM 0.10.21 (HKLM-x32\...\Miranda IM) (Version: 0.10.21 - Miranda IM Project) Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE) Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version: - Other Ocean Interactive) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVC80_x64_v2 (Version: - Nokia) Hidden MSVC80_x86_v2 (x32 Version: - Nokia) Hidden MSVC90_x64 (Version: - Nokia) Hidden MSVC90_x86 (x32 Version: - Nokia) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment) Neighbours From Hell Compilation (HKLM-x32\...\{DE790600-2AEB-456D-836A-6654DB2577CD}) (Version: 1.0.0 - JoWooD Studio Vienna) NHL06 (HKLM-x32\...\{D0DC1674-B5E8-4364-009E-B350048DD006}) (Version: - ) NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: - Nokia) Nokia Map Loader (HKLM-x32\...\{45D4F727-43B5-49CD-B474-B9866A8F4FB8}) (Version: 3.0.22 - Nokia) Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: - Nokia) Nokia Ovi Suite (x32 Version: - Nokia) Hidden Nokia Ovi Suite Software Updater (HKLM-x32\...\{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}) (Version: - Nokia Corporation) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: - Nokia) Nokia PC Suite (x32 Version: - Nokia) Hidden Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation) NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: - NTI Corporation) NTI Backup Now EZ (x32 Version: - NTI Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) Operation Flashpoint: Dragon Rising (HKLM-x32\...\Steam App 12830) (Version: - Codemasters Studios) Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version: - Codemasters Action Studio) Origin (HKLM-x32\...\Origin) (Version: - Electronic Arts, Inc.) Overlord (HKLM-x32\...\Steam App 11450) (Version: - Triumph Studios) Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version: - Triumph Studios) Ovi Desktop Sync Engine (x32 Version: - Nokia) Hidden OviMPlatform (x32 Version: - Nokia) Hidden Pacific Storm: Allies (HKLM-x32\...\Steam App 11260) (Version: - Buka) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - ) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) Patrician IV: Steam Special Edition (HKLM-x32\...\Steam App 57620) (Version: - Gaming Minds Studios) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: - Nokia) Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: - Electronic Arts, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games) Pool Nation (HKLM-x32\...\Steam App 254440) (Version: - Cherry Pop Games) Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version: - Puran Software) R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems) RACE 07 - Formula RaceRoom Add-On (HKLM-x32\...\Steam App 44630) (Version: - ) RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) Rage Runner (HKLM-x32\...\Steam App 279520) (Version: - Hypercane Studios) RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version: - Wizarbox) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version: - Volition) Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - ) Restaurant Empire II (HKLM-x32\...\Steam App 32900) (Version: - Enlight Software Limited ) Rise of the Argonauts (HKLM-x32\...\Steam App 12770) (Version: - Liquid Entertainment) Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes) Robin Hood (HKLM-x32\...\Steam App 46560) (Version: - Spellbound) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: - Rockstar Games) Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version: - The Creative Assembly) Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly) Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version: - Ascaron) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios) Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media) Sherlock Holmes versus Jack the Ripper (HKLM-x32\...\Steam App 11190) (Version: - Frogwares) Sherlock Holmes: Nemesis (HKLM-x32\...\Steam App 11040) (Version: - Frogwares) Sherlock Holmes: The Awakened - Remastered (HKLM-x32\...\Steam App 11140) (Version: - Frogwares) Sherlock Holmes: The Mystery of The Mummy (HKLM-x32\...\Steam App 11130) (Version: - Frogwares ) Sherlock Holmes: The Mystery of The Persian Carpet (HKLM-x32\...\Steam App 11180) (Version: - Frogwares) Sherlock Holmes: The Secret of the Silver Earring (HKLM-x32\...\Steam App 11150) (Version: - Frogwares) Sid Meier’s Ace Patrol: Pacific Skies (HKLM-x32\...\Steam App 244090) (Version: - Firaxis) Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games) Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games) Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version: - Stardock Entertainment) Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.) SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics) Speedball 2: Tournament (HKLM-x32\...\Steam App 10700) (Version: - Kylotonn Entertainment) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings) SportTracks 2.1 (HKLM-x32\...\{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}) (Version: 2.1.3478 - Zone Five Software) Spotify (HKCU\...\Spotify) (Version: - Spotify AB) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation) Still Life (HKLM-x32\...\Steam App 46480) (Version: - Anuman / Microids) Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - Gas Powered Games) Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - Gas Powered Games) swMSM (x32 Version: - Adobe Systems, Inc) Hidden Syberia (HKLM-x32\...\Steam App 46500) (Version: - Anuman / Microids) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer) The Dark Eye - Chains of Satinav (HKLM-x32\...\GOGPACKDARKEYECHAINSOFSATINAV_is1) (Version: - GOG.com) The Dark Eye - Chains of Satinav (HKLM-x32\...\Satinav) (Version: 1.0 - Daedalic Entertainment) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Guild II (HKLM-x32\...\Steam App 39650) (Version: - 4 Head Studios) The Longest Journey (HKLM-x32\...\Steam App 6310) (Version: - Funcom) The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios) The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version: - Stardock Entertainment) The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version: - Arrowhead Game Studios) The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version: - Frogwares) Toki Tori (HKLM-x32\...\Steam App 38700) (Version: - Two Tribes) Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte) Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games) Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version: - Haemimont Games) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) War of the Roses (HKLM-x32\...\Steam App 42160) (Version: - Fatshark) Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version: - Eugen Systems) Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version: - Relic Entertainment) Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version: - Ino-Co Plus) WhoCrashed 4.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 - Garmin) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 - Nokia) Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Restore Points ========================= 22-06-2014 10:16:08 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {086E9480-28C6-488B-B15C-D5053A33C449} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {0A64376F-9FA7-4266-BDC9-DBD4D53BE937} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {182E5EE3-4DB8-4435-AAE6-23E18DFDCD36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-18] (Google Inc.) Task: {1EDD119C-FF2C-4702-A944-F5547B960775} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-18] (Google Inc.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {224CB08B-9F42-428A-A316-44C6552026CC} - System32\Tasks\Speedfan => C:\Program Files (x86)\SpeedFan\speedfan.exe [2013-03-15] (Almico Software (www.almico.com)) Task: {25BE08B0-07B1-4619-9FB2-9A8104F6BD12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-11] (Microsoft Corporation) Task: {2950E73E-90A5-49AE-AB7D-F0E77FDC0FBD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software) Task: {2BBA18FA-B1C7-4D5B-B015-2A0614424237} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2FC67C5C-FD78-48EC-AA2F-6C270C23EEF4} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {42645927-5356-4E63-9C6A-0FC800CC5E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CA9600E-F7F2-4700-B8C3-BAD4CC78E2C2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {99AE2898-B5EB-4AE9-A5D6-5229DB4F1CA8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D8188F21-C6F3-41EB-AB00-A0C0FAEC49C4} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] () Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {FAFD4D09-8B9F-403D-9254-BFFD7F3C11C9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-26 09:40 - 2014-06-26 09:40 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062501\algo.dll 2013-02-05 10:11 - 2013-02-05 10:11 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll 2014-06-26 09:49 - 2014-06-26 11:12 - 00158720 _____ () C:\Users\Thomas\AppData\Local\Temp\sfareca00001.dll 2013-10-18 13:05 - 2014-06-26 11:12 - 00192512 _____ () C:\Users\Thomas\AppData\Local\Temp\sfamcc00001.dll 2013-10-18 13:14 - 2013-10-18 13:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-18 12:08 - 2014-06-18 12:08 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-11 11:43 - 2014-06-11 11:43 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-06-11 11:43 - 2014-06-11 11:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-06-11 11:43 - 2014-06-11 11:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA AlternateDataStreams: C:\Users\Thomas\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "XboxStat" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "NokiaMServer" HKLM\...\StartupApproved\Run32: => "NSU_agent" HKCU\...\StartupApproved\StartupFolder: => "Registration Assassin's Creed.LNK" HKCU\...\StartupApproved\Run: => "icq" HKCU\...\StartupApproved\Run: => "Steam" HKCU\...\StartupApproved\Run: => "Spotify Web Helper" HKCU\...\StartupApproved\Run: => "PC Suite Tray" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/26/2014 00:06:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (06/26/2014 11:12:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VDeck.exe, Version:, Zeitstempel: 0x5088de9d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f8c9c ID des fehlerhaften Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0 Pfad der fehlerhaften Anwendung: VDeck.exe1 Pfad des fehlerhaften Moduls: VDeck.exe2 Berichtskennung: VDeck.exe3 Vollständiger Name des fehlerhaften Pakets: VDeck.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5 Error: (06/26/2014 10:47:24 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (06/26/2014 10:47:22 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (06/26/2014 10:47:19 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (06/26/2014 10:33:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/26/2014 10:33:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/26/2014 10:03:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/26/2014 10:03:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/26/2014 09:48:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (06/26/2014 11:12:00 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 26.06.2014 um 11:08:29 unerwartet heruntergefahren. Error: (06/26/2014 10:33:28 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Error: (06/26/2014 10:33:28 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Error: (06/26/2014 10:03:28 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Error: (06/26/2014 10:03:28 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Error: (06/26/2014 09:48:47 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.415612Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4Nicht verfügbarNicht verfügbar Error: (06/26/2014 09:48:47 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Error: (06/26/2014 09:48:47 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.415612Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4Nicht verfügbarNicht verfügbar Error: (06/26/2014 09:48:47 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.415612Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4Nicht verfügbarNicht verfügbar Error: (06/26/2014 09:48:47 AM) (Source: DCOM) (EventID: 10001) (User: ELMOS_PC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15612Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (06/26/2014 00:06:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe Error: (06/26/2014 11:12:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VDeck.exe10.12.0.305088de9dntdll.dll6.3.9600.17031530895afc000037400000000000f8c9ce7001cf911ebc134ed0C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\WINDOWS\SYSTEM32\ntdll.dllfa750dd1-fd11-11e3-8024-002354c09b62 Error: (06/26/2014 10:47:24 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe Error: (06/26/2014 10:47:22 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe Error: (06/26/2014 10:47:19 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Thomas\Downloads\esetsmartinstaller_deu.exe Error: (06/26/2014 10:33:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (06/26/2014 10:33:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (06/26/2014 10:03:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (06/26/2014 10:03:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (06/26/2014 09:48:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELMOS_PC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 CodeIntegrity Errors: =================================== Date: 2014-01-07 21:05:48.235 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Thomas\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-07 21:05:48.157 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-07 21:04:19.906 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Thomas\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-07 21:04:19.813 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-10-21 01:13:19.524 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-10-21 01:13:19.184 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-10-21 01:13:19.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-10-21 01:13:18.851 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-10-21 01:13:18.650 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-10-21 01:13:17.997 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 4095.11 MB Available physical RAM: 2086.54 MB Total Pagefile: 4799.11 MB Available Pagefile: 2838.52 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:10.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:101.76 GB) (Free:5.47 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (D:) (Fixed) (Total:474.88 GB) (Free:63.93 GB) NTFS Drive f: (Volume) (Fixed) (Total:19.53 GB) (Free:13.92 GB) NTFS Drive k: (Kehrmaschine) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS Drive l: (Spiele und Daten) (Fixed) (Total:1863.01 GB) (Free:33.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 87D89C25) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 596 GB) (Disk ID: F4853CA8) Partition 1: (Active) - (Size=102 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=475 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 49A3C25B) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ==================== End Of Log ============================ Schon mal ganz herzlichen Dank! |
![]() | #2 |
/// the machine /// TB-Ausbilder ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin hi,
__________________einfach mal den Papierkorb leeren ![]()
__________________ |
![]() | #3 |
![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin Hi schrauber,
__________________Papierkorb ist gelöscht, Avast meldet nun auch nichts mehr. ESet habe ich auch noch einmal drüberlaufen lassen, der hat noch zwei weitere Funde gehabt, beides wohl Adware: C:\Users\Thomas\AppData\Local\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung D:\Users\*\Downloads\ashampoo_photo_commander_7_7.31_7011.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung Reicht es, die beiden Dateien einfach zu löschen, oder sollte ich sicherheitshalber noch etwas Anderes machen? Viele Grüße aethelstan |
![]() | #4 |
/// the machine /// TB-Ausbilder ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin nö, löschen reicht ![]()
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
![]() | #5 |
![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin Hi schrauber, das sind ja mal beruhigende Nachrichten. :-) Dann kann der Thread zu. Dank Dir ganz herzlich, und schönes WE noch, aethelstan |
![]() | #6 |
/// the machine /// TB-Ausbilder ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin Gern Geschehen ![]()
__________________ --> Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin |
![]() |
Themen zu Avast meldet Dropper.gen, Eset DownloadSponsor.A in RecycleBin |
adobe, adware, alert, antivirus, association, avast, browser, defender, dropper.gen, fehler, firefox, flash player, focus, helper, homepage, livecomm.exe, mozilla, nemesis, pirates, registry, rundll, scan, schutz, security, server, shark, software, spotify web helper, svchost.exe, usb, windows, windowsapps |