Log analysis and evaluation: Windows 7 - V-9.1HD - stubborn little devil

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.07.2014, 22:25 | #1 |
Windows 7 - V-9.1HD - stubborn little devil

Hello dear people,

my father asked me today to take a closer look at his PC because it is so slow. So I cleared out all the junk (uninstalled old programs via the Control Panel and ran CCleaner). After that I noticed the program V-9.1HD. My father didn't know where it came from, and when I tried to uninstall it, at first nothing happened at all (or rather, it apparently got stuck in the uninstall process). On the second attempt Windows asked me whether the program had been uninstalled correctly or whether I wanted to uninstall with the recommended settings (unfortunately I no longer remember the exact message). No success.

I also noticed that all browsers except Firefox show the message: "Verbindung zum Proxyserver konnte nicht hergestellt werden" [Could not connect to the proxy server].

I also ran AdwCleaner and JRT over it, but unfortunately I only still have the JRT log.

Here are the logs:

JRT-Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Bernhard Gramller on 02.07.2014 at 16:41:16,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\Users\Bernhard Gramller\AppData\Roaming\systweak"

~~~ FireFox

Emptied folder: C:\Users\Bernhard Gramller\AppData\Roaming\mozilla\firefox\profiles\3gfog6q1.tarnfox\minidumps [191 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2014 at 16:51:05,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST-Log Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by Bernhard Gramüller (administrator) on BERNHARD-PC on 02-07-2014 17:13:11 Running from C:\Users\Bernhard Gramüller\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Paragon GmbH) C:\Program Files (x86)\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\snuvcdsm.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Paragon Software Group) C:\Program Files (x86)\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Paragon Software Group) C:\Program Files (x86)\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe (SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Bernhard Gramüller\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix) HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] () HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4694192 2013-11-13] (VIA) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DBHAgent] => C:\Program Files (x86)\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe [68176 2010-10-12] (Paragon Software Group) HKLM-x32\...\Run: [tsnp2uvc] => C:\Windows\tsnp2uvc.exe [241664 2008-10-21] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe" HKU\S-1-5-21-2608190726-782522321-3869468944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2608190726-782522321-3869468944-1001\...\MountPoints2: {353e3193-0d5b-11e0-ac30-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKU\S-1-5-21-2608190726-782522321-3869468944-1001\...\MountPoints2: {e09bcb3a-103b-11e0-ad8d-806e6f6e6963} - F:\Autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ulead Photo Express SE Calendar Checker.lnk ShortcutTarget: Ulead Photo Express SE Calendar Checker.lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe (Ulead Systems, Inc.) Startup: C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:14320;https=127.0.0.1:14320 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DF833D42FA1CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {5BC688AA-1B74-4359-B6BE-57EA14A5D139} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} SearchScopes: HKCU - {71C8EAC2-D350-461c-991D-14FE0C4A9943} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB SearchScopes: HKCU - {93BA1745-3927-465D-A2AE-2586A5DA3361} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN20122690853725-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=32c129ab00000000000020cf307c7704&q={searchTerms}&r=949 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security 
Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No File Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No File DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///F:/viewer/ORDcmViewCD.ocx DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Amazon FF Homepage: hxxp://www.gmx.de/ FF NetworkProxy: "http", "81.82.240.204" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) 
FF SearchPlugin: C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\o4hytkcw.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\o4hytkcw.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\o4hytkcw.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\o4hytkcw.default\searchplugins\webde-suche.xml FF Extension: Click&Clean - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\clickclean@hotcleaner.com [2013-03-27] FF Extension: FireShot - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-06-04] FF Extension: Facebook Disconnect - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\facebook@disconnect.me.xpi [2012-04-30] FF Extension: Language Pack Install Helper - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack.xpi [2013-01-25] FF Extension: Deutsch (DE) Language Pack - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\langpack-de@firefox.mozilla.org.xpi [2013-01-25] FF Extension: Long URL Please - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\longurlplease@darragh.curran.xpi [2012-04-30] FF Extension: GMX MailCheck - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\toolbar@gmx.net.xpi [2012-06-28] FF Extension: PrivacyChoice TrackerBlock - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\trackerblock@privacychoice.org.xpi [2012-04-30] FF Extension: ScrapBook - 
C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2013-11-17] FF Extension: Adblock Plus - C:\Users\Bernhard Gramüller\AppData\Roaming\Mozilla\Firefox\Profiles\3gfog6q1.tarnfox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-30] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-10] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKCU\...\Firefox\Extensions: [{98CBA277-EF6B-960E-B128-C37E2DF39C4B}] - C:\Program Files (x86)\-BlockAndSurfS\174.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Bernhard Gramller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (J3S cbasscfg Plugin) - C:\Users\Bernhard Gramller\AppData\Local\Google\Chrome\User Data\Default\Extensions\godhaonflehefmbmgmlpenkpagcplgoa\1.0.26_0\cbasscfg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom) CHR Plugin: (getPlusPlus for Adobe 16297) - C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File CHR Extension: (AdBlock) - C:\Users\Bernhard Gramüller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-29] CHR Extension: (Google Wallet) - C:\Users\Bernhard Gramüller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08] CHR Extension: (No Name) - C:\Users\Bernhard Gramüller\AppData\Local\Google\Chrome\User Data\Default\Extensions\oondmcfakdncoipflaalkpedjfeggbal [2014-06-30] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed] R3 Disk Utility Dienst; C:\Program Files (x86)\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe [150096 2010-10-12] (Paragon Software Group) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NetBurnerService; C:\Program Files (x86)\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [223248 2008-06-28] (Paragon GmbH) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [58944 2010-11-29] (NOS Microsystems Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-15] (Lenovo) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-10-12] (Paragon Software Group) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 SaiH353E; C:\Windows\System32\DRIVERS\SaiH353E.sys [178560 2008-04-04] (Saitek) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799552 2009-05-06] () S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S2 STEC3; C:\Windows\SysWOW64\STEC3.sys [2368 2011-10-01] (AntiCracking) [File not signed] R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-12] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-12] (Paragon) U3 DfSdkS; 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-02 17:13 - 2014-07-02 17:14 - 00022400 _____ () C:\Users\Bernhard Gramüller\Downloads\FRST.txt 2014-07-02 17:11 - 2014-07-02 17:13 - 00000000 ____D () C:\FRST 2014-07-02 17:10 - 2014-07-02 17:11 - 00000498 _____ () C:\Users\Bernhard Gramüller\Downloads\defogger_disable.log 2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 __SHD () C:\Users\Bernhard Gramüller\AppData\Local\EmieUserList 2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 __SHD () C:\Users\Bernhard Gramüller\AppData\Local\EmieSiteList 2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 _____ () C:\Users\Bernhard Gramüller\defogger_reenable 2014-07-02 17:04 - 2014-07-02 17:07 - 02083840 _____ (Farbar) C:\Users\Bernhard Gramüller\Downloads\FRST64.exe 2014-07-02 17:04 - 2014-07-02 17:04 - 00380416 _____ () C:\Users\Bernhard Gramüller\Downloads\Gmer-19357.exe 2014-07-02 17:03 - 2014-07-02 17:03 - 00050477 _____ () C:\Users\Bernhard Gramüller\Downloads\Defogger.exe 2014-07-02 16:51 - 2014-07-02 16:51 - 00001107 _____ () C:\Users\Bernhard Gramüller\Desktop\JRT.txt 2014-07-02 16:38 - 2014-07-02 16:38 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Systweak 2014-07-02 16:33 - 2014-07-02 16:37 - 00000000 ____D () C:\AdwCleaner 2014-07-02 16:32 - 2014-07-02 16:32 - 00448512 _____ (OldTimer Tools) C:\Users\Bernhard Gramüller\Downloads\TFC.exe 2014-07-02 16:31 - 2014-07-02 16:32 - 01346519 _____ () C:\Users\Bernhard Gramüller\Downloads\adwcleaner_3.214.exe 2014-07-02 16:18 - 2014-07-02 16:38 - 00003156 _____ () C:\Windows\System32\Tasks\AdvancedDriverUpdaterRunAtStartup 2014-07-02 16:09 - 2014-07-02 16:09 - 00003138 _____ () C:\Windows\System32\Tasks\{ACCF1D9D-1D3C-4456-8953-4DA6A8368BEC} 2014-07-01 19:18 - 2014-07-02 16:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-01 19:18 - 2014-07-01 19:18 - 00001102 _____ () 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-01 19:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-01 19:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-01 19:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-01 19:16 - 2014-07-01 19:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bernhard Gramüller\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-01 19:12 - 2014-07-02 01:19 - 00000000 ____D () C:\Program Files (x86)\V-9.1HD 2014-07-01 19:12 - 2014-07-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T4PC 2014-06-30 22:35 - 2014-06-30 22:35 - 00001332 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk 2014-06-30 20:47 - 2014-06-30 20:47 - 00000512 __RSH () C:\ProgramData\ntuser.pol 2014-06-30 20:44 - 2014-06-30 20:44 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\com 2014-06-30 15:34 - 2014-06-30 15:34 - 00623696 _____ (Click Me In Limited) C:\Users\Bernhard Gramüller\AppData\Local\nsw2A0.tmp 2014-06-30 15:33 - 2014-07-01 16:39 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\567Ftmp 2014-06-30 15:33 - 2014-07-01 16:39 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\561Ftmp 2014-06-30 15:33 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\566Ftmp 2014-06-30 15:33 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\564Etmp 2014-06-30 03:43 - 2014-07-02 16:38 - 00218792 _____ () C:\Windows\PFRO.log 
2014-06-29 23:34 - 2014-06-29 23:35 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Der Fluch des Dornroeschen 2014-06-29 23:34 - 2014-06-29 23:34 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Der Fluch des Dornroeschen 2014-06-29 23:34 - 2014-06-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Der Fluch des Dornroeschen 2014-06-29 23:17 - 2014-06-29 23:19 - 00000000 ____D () C:\Program Files (x86)\Nightmares from the Deep - Davy Jones Sammleredition 2014-06-29 23:17 - 2014-06-29 23:17 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Sammleredition 2014-06-29 23:17 - 2014-06-29 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Sammleredition 2014-06-28 04:21 - 2014-07-02 16:38 - 00001344 _____ () C:\Windows\setupact.log 2014-06-28 04:21 - 2014-06-28 04:21 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-27 18:11 - 2011-06-10 16:58 - 04450528 _____ () C:\PX-1262-PVR_S3.0.13_20110610.AP 2014-06-26 06:17 - 2014-06-26 06:18 - 00025492 _____ () C:\Users\Bernhard Gramüller\Documents\cc_20140626_061729.reg 2014-06-26 06:12 - 2014-07-01 16:29 - 00001426 _____ () C:\Users\Bernhard Gramüller\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-26 06:11 - 2014-06-26 06:11 - 04812672 _____ (Piriform Ltd) C:\Users\Bernhard Gramüller\Downloads\ccsetup415_CB-DL-Manager [1].exe 2014-06-26 06:09 - 2014-06-26 06:09 - 00788832 _____ ( ) C:\Users\Bernhard Gramüller\Downloads\ccsetup415_CB-DL-Manager.exe 2014-06-25 23:03 - 2014-06-26 00:07 - 688671688 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\PortalOfEvilDieGestohlenenSiegel.exe 2014-06-25 23:03 - 2014-06-25 23:56 - 456397568 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\AshleyClarkDasGeheimnisDesRubins.exe 
2014-06-25 21:59 - 2014-06-25 21:59 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Goblinz
2014-06-25 17:05 - 2014-04-23 10:25 - 00936664 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-25 17:05 - 2014-04-23 10:25 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-06-23 23:41 - 2014-06-23 23:43 - 00000000 ____D () C:\Program Files (x86)\Mystery Expedition - Gefangene im Eis
2014-06-23 23:41 - 2014-06-23 23:41 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Expedition - Gefangene im Eis
2014-06-23 23:41 - 2014-06-23 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Expedition - Gefangene im Eis
2014-06-19 23:04 - 2014-06-26 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-06-19 23:04 - 2014-06-19 23:04 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\RedHedgehog Games
2014-06-19 21:52 - 2014-06-19 22:58 - 779299552 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\SpaceLegendsAmEndeDerGalaxis.exe
2014-06-19 21:52 - 2014-06-19 22:40 - 427196528 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\PennyMacey.exe
2014-06-19 16:28 - 2014-04-21 20:28 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-06-19 12:52 - 2014-06-19 12:52 - 00961360 _____ (Chip Digital GmbH) C:\Users\Bernhard Gramüller\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-06-19 01:52 - 2014-06-19 01:52 - 00018210 _____ () C:\Users\Bernhard Gramüller\Downloads\Samsung PE51H4500 - Details - COMPUTER BILD.html
2014-06-16 17:58 - 2014-06-16 17:58 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\Adobe
2014-06-13 22:51 - 2014-06-13 22:51 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Brave Giant
2014-06-13 19:14 - 2014-06-13 20:19 - 820411480 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\DemonHunter.exe
2014-06-13 19:09 - 2014-06-13 19:09 - 00237568 _____ (Big Fish Games) C:\Users\Bernhard Gramüller\Downloads\dark-strokes-the-legend-of-snow-kingdom-ce_s2_l2_gF8767T1L2_d2318173332.exe
2014-06-11 18:58 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:58 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:58 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:58 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:58 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:58 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:58 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:58 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:58 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:58 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:58 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:58 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:58 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:58 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 18:58 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:58 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:58 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:58 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 18:58 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:58 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:58 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:58 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 18:58 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:58 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 18:58 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 18:58 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 18:58 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:58 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 18:58 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 18:58 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 18:58 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:58 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 18:58 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 18:58 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:58 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:58 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 18:58 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 18:58 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 18:58 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 18:58 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 18:58 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 18:58 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:58 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 18:58 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 18:58 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 18:58 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:58 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 18:58 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:58 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 18:58 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 18:58 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 18:58 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 18:58 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 18:58 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 18:58 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 18:58 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 18:58 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 18:58 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 18:58 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 18:58 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 18:58 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 18:58 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 18:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 18:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 18:53 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 18:53 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-08 22:27 - 2014-06-08 22:27 - 00237568 _____ (Big Fish Games) C:\Users\Bernhard Gramüller\Downloads\lost-lands-dark-overlord_s2_l2_gF8260T1L2_d2316001377.exe
2014-06-04 00:47 - 2014-06-04 00:47 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\MysteryTag
2014-06-03 22:09 - 2014-06-03 22:29 - 268962664 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\DreamHillsGestohleneMagie.exe

==================== One Month Modified Files and Folders =======

2014-07-02 17:14 - 2014-07-02 17:13 - 00022400 _____ () C:\Users\Bernhard Gramüller\Downloads\FRST.txt
2014-07-02 17:13 - 2014-07-02 17:11 - 00000000 ____D () C:\FRST
2014-07-02 17:11 - 2014-07-02 17:10 - 00000498 _____ () C:\Users\Bernhard Gramüller\Downloads\defogger_disable.log
2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 __SHD () C:\Users\Bernhard Gramüller\AppData\Local\EmieUserList
2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 __SHD () C:\Users\Bernhard Gramüller\AppData\Local\EmieSiteList
2014-07-02 17:10 - 2014-07-02 17:10 - 00000000 _____ () C:\Users\Bernhard Gramüller\defogger_reenable
2014-07-02 17:10 - 2010-12-21 18:36 - 00000000 ____D () C:\Users\Bernhard Gramüller
2014-07-02 17:07 - 2014-07-02 17:04 - 02083840 _____ (Farbar) C:\Users\Bernhard Gramüller\Downloads\FRST64.exe
2014-07-02 17:04 - 2014-07-02 17:04 - 00380416 _____ () C:\Users\Bernhard Gramüller\Downloads\Gmer-19357.exe
2014-07-02 17:03 - 2014-07-02 17:03 - 00050477 _____ () C:\Users\Bernhard Gramüller\Downloads\Defogger.exe
2014-07-02 17:02 - 2010-12-27 00:08 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Skype
2014-07-02 16:52 - 2014-07-01 19:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 16:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-02 16:51 - 2014-07-02 16:51 - 00001107 _____ () C:\Users\Bernhard Gramüller\Desktop\JRT.txt
2014-07-02 16:47 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:47 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:43 - 2013-09-24 18:40 - 00003090 _____ () C:\Windows\System32\Tasks\AdvancedDriverUpdater_UPDATES
2014-07-02 16:43 - 2013-09-24 18:40 - 00000316 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-07-02 16:43 - 2010-12-22 01:40 - 01535652 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 16:40 - 2014-03-23 10:22 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\PasswordSafe
2014-07-02 16:38 - 2014-07-02 16:38 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Systweak
2014-07-02 16:38 - 2014-07-02 16:18 - 00003156 _____ () C:\Windows\System32\Tasks\AdvancedDriverUpdaterRunAtStartup
2014-07-02 16:38 - 2014-06-30 03:43 - 00218792 _____ () C:\Windows\PFRO.log
2014-07-02 16:38 - 2014-06-28 04:21 - 00001344 _____ () C:\Windows\setupact.log
2014-07-02 16:38 - 2010-12-27 00:08 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 16:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 16:37 - 2014-07-02 16:33 - 00000000 ____D () C:\AdwCleaner
2014-07-02 16:36 - 2013-06-08 19:00 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Common
2014-07-02 16:36 - 2012-09-27 22:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 16:32 - 2014-07-02 16:32 - 00448512 _____ (OldTimer Tools) C:\Users\Bernhard Gramüller\Downloads\TFC.exe
2014-07-02 16:32 - 2014-07-02 16:31 - 01346519 _____ () C:\Users\Bernhard Gramüller\Downloads\adwcleaner_3.214.exe
2014-07-02 16:18 - 2010-12-27 00:08 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 16:09 - 2014-07-02 16:09 - 00003138 _____ () C:\Windows\System32\Tasks\{ACCF1D9D-1D3C-4456-8953-4DA6A8368BEC}
2014-07-02 01:19 - 2014-07-01 19:12 - 00000000 ____D () C:\Program Files (x86)\V-9.1HD
2014-07-01 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-07-01 19:18 - 2014-07-01 19:18 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 19:18 - 2014-07-01 19:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-01 19:17 - 2014-07-01 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bernhard Gramüller\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-01 19:15 - 2013-01-25 10:04 - 00000000 ____D () C:\Users\Bernhard Gramüller\Desktop\Systemprogramme
2014-07-01 19:12 - 2014-07-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T4PC
2014-07-01 19:09 - 2014-02-24 20:48 - 00000000 ____D () C:\Program Files (x86)\MailFinder
2014-07-01 16:39 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\567Ftmp
2014-07-01 16:39 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\561Ftmp
2014-07-01 16:29 - 2014-06-26 06:12 - 00001426 _____ () C:\Users\Bernhard Gramüller\Desktop\Registry kostenlos entrümpeln!.lnk
2014-07-01 00:06 - 2010-12-30 22:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-30 22:36 - 2012-02-29 22:41 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\EleFun Games
2014-06-30 22:35 - 2014-06-30 22:35 - 00001332 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-06-30 22:04 - 2011-12-26 21:20 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\casualArts
2014-06-30 22:04 - 2011-12-26 21:20 - 00000000 ____D () C:\ProgramData\casualArts
2014-06-30 21:01 - 2012-06-08 20:53 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\4 Friends Games
2014-06-30 20:47 - 2014-06-30 20:47 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-06-30 20:47 - 2013-09-20 18:27 - 00048128 ___SH () C:\Users\Bernhard Gramüller\Documents\Thumbs.db
2014-06-30 20:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-30 20:44 - 2014-06-30 20:44 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\com
2014-06-30 15:34 - 2014-06-30 15:34 - 00623696 _____ (Click Me In Limited) C:\Users\Bernhard Gramüller\AppData\Local\nsw2A0.tmp
2014-06-30 15:33 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\566Ftmp
2014-06-30 15:33 - 2014-06-30 15:33 - 00000000 ____D () C:\Users\Bernhard Gramüller\Downloads\564Etmp
2014-06-29 23:35 - 2014-06-29 23:34 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Der Fluch des Dornroeschen
2014-06-29 23:34 - 2014-06-29 23:34 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Der Fluch des Dornroeschen
2014-06-29 23:34 - 2014-06-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Der Fluch des Dornroeschen
2014-06-29 23:19 - 2014-06-29 23:17 - 00000000 ____D () C:\Program Files (x86)\Nightmares from the Deep - Davy Jones Sammleredition
2014-06-29 23:17 - 2014-06-29 23:17 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Sammleredition
2014-06-29 23:17 - 2014-06-29 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Sammleredition
2014-06-29 22:39 - 2012-11-10 21:24 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\DominiGames
2014-06-29 21:38 - 2011-05-22 21:13 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Elephant Games
2014-06-28 04:21 - 2014-06-28 04:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-27 18:06 - 2013-02-23 12:18 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\Nero
2014-06-27 17:27 - 2014-03-02 07:44 - 00000436 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-06-26 11:40 - 2013-05-31 12:56 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-26 06:18 - 2014-06-26 06:17 - 00025492 _____ () C:\Users\Bernhard Gramüller\Documents\cc_20140626_061729.reg
2014-06-26 06:12 - 2014-01-26 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 06:12 - 2014-01-26 15:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 06:11 - 2014-06-26 06:11 - 04812672 _____ (Piriform Ltd) C:\Users\Bernhard Gramüller\Downloads\ccsetup415_CB-DL-Manager [1].exe
2014-06-26 06:09 - 2014-06-26 06:09 - 00788832 _____ ( ) C:\Users\Bernhard Gramüller\Downloads\ccsetup415_CB-DL-Manager.exe
2014-06-26 00:43 - 2014-06-19 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-06-26 00:43 - 2013-02-06 21:44 - 00001131 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-06-26 00:41 - 2011-01-10 23:31 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-06-26 00:07 - 2014-06-25 23:03 - 688671688 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\PortalOfEvilDieGestohlenenSiegel.exe
2014-06-25 23:56 - 2014-06-25 23:03 - 456397568 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\AshleyClarkDasGeheimnisDesRubins.exe
2014-06-25 21:59 - 2014-06-25 21:59 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Goblinz
2014-06-25 17:07 - 2013-11-03 19:06 - 00000000 ____D () C:\temp
2014-06-25 17:05 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-24 18:10 - 2011-01-11 10:39 - 00000000 ____D () C:\Users\Bernhard Gramüller\Desktop\Spiele
2014-06-23 23:43 - 2014-06-23 23:41 - 00000000 ____D () C:\Program Files (x86)\Mystery Expedition - Gefangene im Eis
2014-06-23 23:41 - 2014-06-23 23:41 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Expedition - Gefangene im Eis
2014-06-23 23:41 - 2014-06-23 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Expedition - Gefangene im Eis
2014-06-20 16:13 - 2010-12-27 00:08 - 00004130 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 16:13 - 2010-12-27 00:08 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 00:07 - 2012-05-28 22:18 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Fuzzy Bug Interactive
2014-06-19 23:04 - 2014-06-19 23:04 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\RedHedgehog Games
2014-06-19 22:58 - 2014-06-19 21:52 - 779299552 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\SpaceLegendsAmEndeDerGalaxis.exe
2014-06-19 22:40 - 2014-06-19 21:52 - 427196528 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\PennyMacey.exe
2014-06-19 22:10 - 2013-01-11 22:07 - 00000000 ____D () C:\ProgramData\Meridian93
2014-06-19 21:53 - 2011-10-17 21:27 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Meridian93
2014-06-19 16:45 - 2014-04-29 10:29 - 00016552 _____ () C:\Users\Bernhard Gramüller\Documents\Eula0407DEU.tx_
2014-06-19 12:52 - 2014-06-19 12:52 - 00961360 _____ (Chip Digital GmbH) C:\Users\Bernhard Gramüller\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-06-19 01:52 - 2014-06-19 01:52 - 00018210 _____ () C:\Users\Bernhard Gramüller\Downloads\Samsung PE51H4500 - Details - COMPUTER BILD.html
2014-06-16 22:28 - 2012-11-28 22:44 - 00000000 ____D () C:\Users\Bernhard Gramüller\Desktop\Geschäft - Designs
2014-06-16 17:58 - 2014-06-16 17:58 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Local\Adobe
2014-06-15 22:24 - 2011-03-20 22:09 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\ERS Game Studios
2014-06-14 00:06 - 2013-12-15 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
2014-06-14 00:06 - 2013-12-15 13:17 - 00000000 ____D () C:\Program Files (x86)\MyPlayCity.com
2014-06-13 22:51 - 2014-06-13 22:51 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Brave Giant
2014-06-13 20:19 - 2014-06-13 19:14 - 820411480 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\DemonHunter.exe
2014-06-13 19:15 - 2012-03-02 23:12 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\BlamGames
2014-06-13 19:09 - 2014-06-13 19:09 - 00237568 _____ (Big Fish Games) C:\Users\Bernhard Gramüller\Downloads\dark-strokes-the-legend-of-snow-kingdom-ce_s2_l2_gF8767T1L2_d2318173332.exe
2014-06-12 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 02:51 - 2012-09-27 22:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 02:51 - 2012-04-03 20:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 02:51 - 2011-05-16 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 00:07 - 2013-08-16 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:05 - 2010-12-25 18:16 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 00:03 - 2014-04-30 23:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 22:02 - 2012-06-01 20:58 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\Eipix
2014-06-11 18:42 - 2012-04-26 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 20:35 - 2014-06-10 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 20:35 - 2014-05-13 19:31 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-08 22:27 - 2014-06-08 22:27 - 00237568 _____ (Big Fish Games) C:\Users\Bernhard Gramüller\Downloads\lost-lands-dark-overlord_s2_l2_gF8260T1L2_d2316001377.exe
2014-06-08 21:10 - 2009-07-14 19:58 - 00713974 _____ () C:\Windows\system32\perfh007.dat
2014-06-08 21:10 - 2009-07-14 19:58 - 00154090 _____ () C:\Windows\system32\perfc007.dat
2014-06-08 21:10 - 2009-07-14 07:13 - 01648728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 11:13 - 2014-06-11 18:53 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 18:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 16:03 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-04 00:47 - 2014-06-04 00:47 - 00000000 ____D () C:\Users\Bernhard Gramüller\AppData\Roaming\MysteryTag
2014-06-03 22:29 - 2014-06-03 22:09 - 268962664 _____ (INTENIUM GmbH) C:\Users\Bernhard Gramüller\Downloads\DreamHillsGestohleneMagie.exe

Some content of TEMP:
====================
C:\Users\Bernhard Gramüller\AppData\Local\Temp\avgnt.exe
C:\Users\Bernhard Gramüller\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bernhard Gramüller\AppData\Local\Temp\optprosetup.exe
C:\Users\Bernhard Gramüller\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 00:36

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Bernhard Gramüller at 2014-07-02 17:14:46
Running from C:\Users\Bernhard Gramüller\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABC Amber Audio Converter (HKLM-x32\...\ABC Amber Audio Converter) (Version: - )
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.97 - NOS Microsystems Ltd.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc)
Ahnenforschung mit RS-AHNEN (HKLM-x32\...\Ahnenforschung mit RS-AHNEN) (Version: - )
Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH)
Alchemy (HKLM-x32\...\3931d36f18c4a2615f822e5e84d9c737) (Version: - Zylom)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - )
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Ashampoo Photo Commander 8 v.8.4.0 (HKLM-x32\...\Ashampoo Photo Commander 8_is1) (Version: 8.4.0 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2013 v.1.0.0 (HKLM-x32\...\{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1) (Version: 1.00.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 8 v.8.13 (HKLM-x32\...\Ashampoo WinOptimizer 8_is1) (Version: 8.1.3 - Ashampoo GmbH & Co. KG)
Ashley Clark: Das Geheimnis des Rubins (HKLM-x32\...\Ashley Clark: Das Geheimnis des Rubins) (Version: 2.0.0.0 - INTENIUM GmbH)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Autumn's Treasures - The Jade Coin (HKLM-x32\...\Autumn's Treasures - The Jade Coin_is1) (Version: 1.0 - MyPlayCity, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bubble Chains 0.1.1 (HKLM-x32\...\Bubble_0) (Version: 0.1.1 - XlabSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
COMPUTERBILD Datei-Reparierer (HKLM-x32\...\{113EBE84-73FA-4C44-8C4D-CAAA3AEE960C}) (Version: 1.0.0 - J3S)
COMPUTERBILD Datei-Reparierer (x32 Version: 1.0.0 - J3S) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Demon Hunter: Chroniken des Übernatürlichen (HKLM-x32\...\Demon Hunter: Chroniken des Übernatürlichen) (Version: 2.0.0.0 - INTENIUM GmbH)
Der große Brain-Trainer (HKLM-x32\...\Der große Brain-Trainer) (Version: 1.0.0.0 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.3.1.37 - INTENIUM GmbH)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.03.02 - )
Fallen Shadows - Schatten der Kindheit (HKLM-x32\...\{AE2893E9-145A-41AC-85C6-ED046B13572E}) (Version: 1.0.0 - Happy Muffin Top)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Flugsimulator (HKLM-x32\...\Flugsimulator_is1) (Version: - )
FreeLanguageTranslator2 (HKLM-x32\...\{8AA462CC-7F29-4F51-9D7F-68ED38658E92}) (Version: 2.02 - Decebal Mihailescu)
Gehirnjogging (HKLM-x32\...\Gehirnjogging) (Version: 1.0.0.0 - INTENIUM GmbH)
Gekko Mahjongg (Oster-Edition) (HKLM-x32\...\Gekko Mahjongg (Oster-Edition)) (Version: - )
Google Chrome (HKLM-x32\...\{6438EBAC-5305-39A5-A93E-88CDFA6CE947}) (Version: 65.61.49249 - Google, Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Helicopter Simulation (HKLM-x32\...\Helicopter Simulation_is1) (Version: - )
Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH)
Insel der Feen - Fairy Island (HKLM-x32\...\Insel der Feen - Fairy Island) (Version: 1.0.0.0 - INTENIUM GmbH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Jet Simulator (HKLM-x32\...\Jet Simulator_is1) (Version: - )
Mail Undelete Recovery Toolbox Free 1.1 (HKLM-x32\...\Mail Undelete Recovery Toolbox Free_is1) (Version: - Recovery Toolbox)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moorhuhn Total (HKLM-x32\...\{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}) (Version: - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MwSt. 2012 V8.1.0.4 (HKLM-x32\...\{120D0878-5C88-40A6-9991-DED7C8C88922}_is1) (Version: 8.1.0.4 - SVO-Webdesign GbR)
Mystery Expedition: Gefangene im Eis (HKLM-x32\...\BFG-Mystery Expedition - Gefangene im Eis) (Version: - )
Mystery Murders: Der Fluch des Dornröschen (HKLM-x32\...\BFG-Mystery Murders - Der Fluch des Dornroeschen) (Version: - )
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.17700 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18900 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{C88F0D8E-3F3E-4E90-B8AA-EA24FACCFF3C}) (Version: 12.0.02200 - Nero AG)
Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13600.45.0 - Nero AG) Hidden
Nightmares from the Deep: Davy Jones Sammleredition (HKLM-x32\...\BFG-Nightmares from the Deep - Davy Jones Sammleredition) (Version: - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OfficeRecovery 2010 Essential 10.0.38278.1 (HKLM-x32\...\{224A804F-ABB4-4938-96EA-EC65BB699933}) (Version: 10.0.38278.1 - Recoveronix)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Paragon Backup & Recovery™ 10 Suite (HKLM-x32\...\{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}) (Version: 90.00.0003 - Paragon Software)
Paragon Drive Backup™ 9 Professional (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 1.00.0000 - Paragon Software)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Platform (x32 Version: 1.42 - VIA Technologies, Inc.)
Hidden Portal of Evil: Die gestohlenen Siegel (HKLM-x32\...\Portal of Evil: Die gestohlenen Siegel) (Version: 2.0.0.0 - INTENIUM GmbH) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Relikte des Schicksals: Ein Krimi mit Penny Macey (HKLM-x32\...\Relikte des Schicksals: Ein Krimi mit Penny Macey) (Version: 2.0.0.0 - INTENIUM GmbH) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) RokQ 2.0 free edition 2.0 (HKLM-x32\...\RokQ 2.0 free edition) (Version: 2.0 - Christian Dietz) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.) Samsung PC Studio 3 (x32 Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Space Legends: Am Ende der Galaxis (HKLM-x32\...\Space Legends: Am Ende der Galaxis) (Version: 2.0.0.0 - INTENIUM GmbH) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) Systweak PhotoStudio 2.1 (HKLM-x32\...\PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1) (Version: 2.1.2954.85 - Systweak Inc.) The Dream Voyagers: Die Traumheiler (HKLM-x32\...\The Dream Voyagers: Die Traumheiler) (Version: 2.0.0.0 - INTENIUM GmbH) Ulead Photo Express 3.0 SE (HKLM-x32\...\Ulead Photo Express 3.0 SE) (Version: - ) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48200.117 - Sonix) V-9.1HD (HKLM-x32\...\V-9.1HD) (Version: 1.34.6.10 - V-9.1HD) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN) Windows Double Explorer 0.4 (HKLM-x32\...\Windows Double Explorer) (Version: 0.4 - ) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) World Riddles: Seven Wonders (HKLM-x32\...\World Riddles: Seven Wonders) (Version: 1.0.0.0 - INTENIUM GmbH) XMedia Recode 3.0.5.6 (HKLM-x32\...\XMedia Recode) (Version: 3.0.5.6 - Sebastian Dörfler) Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games) ==================== Restore Points ========================= 25-06-2014 15:03:50 Advanced Driver Updater 25-06-2014 15:05:19 Installiert Realtek Ethernet Controller Driver 01-07-2014 14:38:56 Advanced System Protector ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts 
==================== Scheduled Tasks (whitelisted) =============

Task: {008AF0C9-75E6-47B1-949B-94758314027F} - System32\Tasks\{418B3633-7C4B-4299-8DF0-0D75B2A4D62C} => C:\Users\Bernhard Gramüller\Desktop\CHESS.EXE
Task: {0A22EF9D-6004-4DA2-B086-2D6F3028B4D5} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {0B0D402E-150D-4915-89F0-A0C23F22C593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-27] (Google Inc.)
Task: {0E9615C9-927C-4DE7-A9BC-A4544DA89F83} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {10E2F2FF-956F-4237-B7C3-1609D4196110} - System32\Tasks\{F2D49516-E821-4911-B30E-0B9424763CBC} => F:\SETUP.EXE
Task: {12DA7EC2-B4C3-4D30-BB99-6B9C65D0476A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {2EED9C1D-4DAD-4C6D-9157-78C4B8A850A1} - System32\Tasks\{B47A53DD-D772-46C8-B5C0-1AB4BC22537C} => C:\Users\Bernhard Gramüller\Desktop\CHESS.EXE
Task: {38225E53-619E-4034-8788-7DA91FA14696} - System32\Tasks\{60234162-1291-4C27-BF5E-A51778B4D1F6} => F:\INSTALL.EXE
Task: {3E218D0C-24F3-4D75-A516-44F5D78C35B5} - System32\Tasks\AdvancedDriverUpdaterRunAtStartup => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc)
Task: {4F8E97E0-86F8-4E09-9DDE-CE60265F6D96} - System32\Tasks\{BCA69864-17A7-4A0E-BD61-8880E0858B77} => E:\alice.exe
Task: {579C38CF-7A4D-4291-AE21-903E424FEA9C} - System32\Tasks\{A8F48BA2-BE0C-4311-A791-E10A67E50BBA} => F:\INSTALL.EXE
Task: {58049BF5-04FA-4A93-8464-34FB4E6225AE} - \RegClean Pro No Task File <==== ATTENTION
Task: {58F1B47E-724A-4AF0-A1E2-93421E1DA269} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {5F9090D6-6A7D-45A2-AE34-3C61F9C83D5B} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {8532683C-7F66-4A95-B184-B9904BCC6102} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-11-27] (ASUSTeK Computer Inc.)
Task: {A3DA37A8-8851-4F49-8944-E43A7905E21A} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {A5539412-7596-4A92-B1D4-F2CDC7A83866} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-27] (Google Inc.)
Task: {B0F59500-53F5-48B9-92E6-E557A748488A} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {C5D4D482-3E6C-4553-9708-780E2DB93693} - System32\Tasks\{B7BA03F0-0AD3-48DD-BE2F-A25E359EDE91} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {C9607864-96DE-41F1-A405-E2AA80FE7D7A} - System32\Tasks\{3D262738-70EF-4E84-B817-7351032941CC} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [2013-07-31] (VideoLAN)
Task: {CFBAF138-2ACA-4EB6-9B1B-8CCC17284C24} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. KG)
Task: {E27572A6-C3A1-44DB-AD1D-679A4AE8EAB8} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc)
Task: {E32E3DDE-AC4E-4EC1-8471-E88DA11F89D6} - System32\Tasks\{FCBDAEA3-26B6-415C-8350-997CC867ADB3} => C:\Users\Bernhard Gramüller\Desktop\CHESS.EXE
Task: {E58CE081-6679-4422-99C6-4D75075097FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {EB68703E-CEBB-49D1-BC84-48899AA395D9} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {EF5A9C64-8F81-4635-8706-C1DD89888103} - System32\Tasks\{E945DE2C-C5CB-43A4-BBE1-FD5232FF0067} => C:\Zylom Games\Dreamscapes - The Sandman Premium Edition\Dreamscapes_TheSandman_CE.exe
Task: {FF9F5342-40C7-4A87-B3C7-E11A1F0B07EF} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe

==================== Loaded Modules (whitelisted) =============

2012-11-19 00:48 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-13 11:04 - 2011-01-13 11:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2014-01-31 07:00 - 2012-11-14 09:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-01-31 07:00 - 2012-11-14 09:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-07-02 17:03 - 2014-07-02 17:03 - 00050477 _____ () C:\Users\Bernhard Gramüller\Downloads\Defogger.exe
2010-12-21 19:16 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2010-12-21 19:16 - 2009-08-27 20:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
2012-04-29 17:59 - 1999-09-06 16:33 - 00032768 _____ () C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 3.0 SE\u32sn.dll
2014-06-10 20:35 - 2014-06-10 20:35 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:A9562832 AlternateDataStreams: C:\ProgramData\TEMP:A9EBEE99 AlternateDataStreams: C:\ProgramData\TEMP:A9F13D2D AlternateDataStreams: C:\ProgramData\TEMP:AA0017FD AlternateDataStreams: C:\ProgramData\TEMP:AA5A61B2 AlternateDataStreams: C:\ProgramData\TEMP:AAA06E15 AlternateDataStreams: C:\ProgramData\TEMP:AABECEFB AlternateDataStreams: C:\ProgramData\TEMP:AB0A5A80 AlternateDataStreams: C:\ProgramData\TEMP:ABBFFEA2 AlternateDataStreams: C:\ProgramData\TEMP:AC9F291E AlternateDataStreams: C:\ProgramData\TEMP:ACB38255 AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538 AlternateDataStreams: C:\ProgramData\TEMP:AD020DC3 AlternateDataStreams: C:\ProgramData\TEMP:AD179392 AlternateDataStreams: C:\ProgramData\TEMP:AD2DB2F9 AlternateDataStreams: C:\ProgramData\TEMP:ADEBE9CA AlternateDataStreams: C:\ProgramData\TEMP:AE34D87E AlternateDataStreams: C:\ProgramData\TEMP:AEC59117 AlternateDataStreams: C:\ProgramData\TEMP:AED4A2B7 AlternateDataStreams: C:\ProgramData\TEMP:AF465248 AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00 AlternateDataStreams: C:\ProgramData\TEMP:AFBD0680 AlternateDataStreams: C:\ProgramData\TEMP:AFC732F7 AlternateDataStreams: C:\ProgramData\TEMP:B01EC114 AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C AlternateDataStreams: C:\ProgramData\TEMP:B0A727D1 AlternateDataStreams: C:\ProgramData\TEMP:B0EA26E5 AlternateDataStreams: C:\ProgramData\TEMP:B1786630 AlternateDataStreams: C:\ProgramData\TEMP:B21F2857 AlternateDataStreams: C:\ProgramData\TEMP:B2CCDB69 AlternateDataStreams: C:\ProgramData\TEMP:B2DC8D6B AlternateDataStreams: C:\ProgramData\TEMP:B33464A5 AlternateDataStreams: C:\ProgramData\TEMP:B36361EE AlternateDataStreams: C:\ProgramData\TEMP:B3A5945E AlternateDataStreams: C:\ProgramData\TEMP:B3C7433B AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D AlternateDataStreams: C:\ProgramData\TEMP:B4530133 AlternateDataStreams: C:\ProgramData\TEMP:B4F7687B AlternateDataStreams: C:\ProgramData\TEMP:B504E4C2 
AlternateDataStreams: C:\ProgramData\TEMP:B50D8729 AlternateDataStreams: C:\ProgramData\TEMP:B5FD4AA1 AlternateDataStreams: C:\ProgramData\TEMP:B61767F5 AlternateDataStreams: C:\ProgramData\TEMP:B64F7263 AlternateDataStreams: C:\ProgramData\TEMP:B69CF390 AlternateDataStreams: C:\ProgramData\TEMP:B6D84F71 AlternateDataStreams: C:\ProgramData\TEMP:B6E58523 AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA AlternateDataStreams: C:\ProgramData\TEMP:B8408597 AlternateDataStreams: C:\ProgramData\TEMP:B8791731 AlternateDataStreams: C:\ProgramData\TEMP:B88DC997 AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99 AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79 AlternateDataStreams: C:\ProgramData\TEMP:BB0F4AA4 AlternateDataStreams: C:\ProgramData\TEMP:BBC9C1EB AlternateDataStreams: C:\ProgramData\TEMP:BC38C00C AlternateDataStreams: C:\ProgramData\TEMP:BCF55336 AlternateDataStreams: C:\ProgramData\TEMP:BCFEA004 AlternateDataStreams: C:\ProgramData\TEMP:BD0A043E AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5 AlternateDataStreams: C:\ProgramData\TEMP:BD414E4B AlternateDataStreams: C:\ProgramData\TEMP:BD50071F AlternateDataStreams: C:\ProgramData\TEMP:BD84F7D6 AlternateDataStreams: C:\ProgramData\TEMP:BDDA21B6 AlternateDataStreams: C:\ProgramData\TEMP:BE0654D6 AlternateDataStreams: C:\ProgramData\TEMP:BE40C8A2 AlternateDataStreams: C:\ProgramData\TEMP:BE6B5FC3 AlternateDataStreams: C:\ProgramData\TEMP:BECA50FF AlternateDataStreams: C:\ProgramData\TEMP:BEF18713 AlternateDataStreams: C:\ProgramData\TEMP:BF6C4AAC AlternateDataStreams: C:\ProgramData\TEMP:C00C7190 AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 AlternateDataStreams: C:\ProgramData\TEMP:C26A6AB3 AlternateDataStreams: C:\ProgramData\TEMP:C2F24DB5 AlternateDataStreams: C:\ProgramData\TEMP:C368C9EA AlternateDataStreams: C:\ProgramData\TEMP:C370B84F AlternateDataStreams: C:\ProgramData\TEMP:C37283B5 AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B 
AlternateDataStreams: C:\ProgramData\TEMP:C3A047E3 AlternateDataStreams: C:\ProgramData\TEMP:C3E7F2E9 AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1 AlternateDataStreams: C:\ProgramData\TEMP:C55217E2 AlternateDataStreams: C:\ProgramData\TEMP:C5D15631 AlternateDataStreams: C:\ProgramData\TEMP:C6104C4F AlternateDataStreams: C:\ProgramData\TEMP:C65B4BD1 AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1 AlternateDataStreams: C:\ProgramData\TEMP:C6920A5D AlternateDataStreams: C:\ProgramData\TEMP:C76D8487 AlternateDataStreams: C:\ProgramData\TEMP:C78DADEA AlternateDataStreams: C:\ProgramData\TEMP:C7F08EA3 AlternateDataStreams: C:\ProgramData\TEMP:C82CA1C0 AlternateDataStreams: C:\ProgramData\TEMP:C89D1773 AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625 AlternateDataStreams: C:\ProgramData\TEMP:C900B47A AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 AlternateDataStreams: C:\ProgramData\TEMP:CA1AFE85 AlternateDataStreams: C:\ProgramData\TEMP:CA7E8F16 AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A AlternateDataStreams: C:\ProgramData\TEMP:CB3667AF AlternateDataStreams: C:\ProgramData\TEMP:CB5AA1E6 AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30 AlternateDataStreams: C:\ProgramData\TEMP:CC141B05 AlternateDataStreams: C:\ProgramData\TEMP:CCD8056E AlternateDataStreams: C:\ProgramData\TEMP:CE3AADB7 AlternateDataStreams: C:\ProgramData\TEMP:CE506F23 AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E AlternateDataStreams: C:\ProgramData\TEMP026A5A4 AlternateDataStreams: C:\ProgramData\TEMP086B88D AlternateDataStreams: C:\ProgramData\TEMP103E81E AlternateDataStreams: C:\ProgramData\TEMP1FE35E7 AlternateDataStreams: C:\ProgramData\TEMP434342F AlternateDataStreams: C:\ProgramData\TEMP4558A0B AlternateDataStreams: C:\ProgramData\TEMP4DD372D AlternateDataStreams: C:\ProgramData\TEMP4E62FA9 AlternateDataStreams: C:\ProgramData\TEMP4F5419A AlternateDataStreams: C:\ProgramData\TEMP621CFB8 AlternateDataStreams: 
C:\ProgramData\TEMP64DD961 AlternateDataStreams: C:\ProgramData\TEMP6A43EB0 AlternateDataStreams: C:\ProgramData\TEMP7740E2A AlternateDataStreams: C:\ProgramData\TEMP7D0B4AF AlternateDataStreams: C:\ProgramData\TEMP8A1AC56 AlternateDataStreams: C:\ProgramData\TEMP8F64D5A AlternateDataStreams: C:\ProgramData\TEMP92A5893 AlternateDataStreams: C:\ProgramData\TEMPB76C881 AlternateDataStreams: C:\ProgramData\TEMPB77E2C4 AlternateDataStreams: C:\ProgramData\TEMPC0B1070 AlternateDataStreams: C:\ProgramData\TEMPC7EDF41 AlternateDataStreams: C:\ProgramData\TEMPC9915D2 AlternateDataStreams: C:\ProgramData\TEMPF5ABA3D AlternateDataStreams: C:\ProgramData\TEMPF7A2D3E AlternateDataStreams: C:\ProgramData\TEMPFFB9E98 AlternateDataStreams: C:\ProgramData\TEMP:E11D90D0 AlternateDataStreams: C:\ProgramData\TEMP:E1520A02 AlternateDataStreams: C:\ProgramData\TEMP:E265ED33 AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD AlternateDataStreams: C:\ProgramData\TEMP:E31EDFDE AlternateDataStreams: C:\ProgramData\TEMP:E3615992 AlternateDataStreams: C:\ProgramData\TEMP:E3B0ACE0 AlternateDataStreams: C:\ProgramData\TEMP:E40AB54F AlternateDataStreams: C:\ProgramData\TEMP:E4272706 AlternateDataStreams: C:\ProgramData\TEMP:E446CB48 AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B AlternateDataStreams: C:\ProgramData\TEMP:E4996D81 AlternateDataStreams: C:\ProgramData\TEMP:E4E83517 AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F AlternateDataStreams: C:\ProgramData\TEMP:E517FE76 AlternateDataStreams: C:\ProgramData\TEMP:E5496666 AlternateDataStreams: C:\ProgramData\TEMP:E5AF754F AlternateDataStreams: C:\ProgramData\TEMP:E6708F08 AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40 AlternateDataStreams: C:\ProgramData\TEMP:E87AB4E3 AlternateDataStreams: C:\ProgramData\TEMP:E894A3ED AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF AlternateDataStreams: C:\ProgramData\TEMP:E8B61305 AlternateDataStreams: C:\ProgramData\TEMP:E8BE0B80 AlternateDataStreams: C:\ProgramData\TEMP:E8C44CB4 
AlternateDataStreams: C:\ProgramData\TEMP:E94FA418 AlternateDataStreams: C:\ProgramData\TEMP:E96A2658 AlternateDataStreams: C:\ProgramData\TEMP:EA2D3047 AlternateDataStreams: C:\ProgramData\TEMP:EBCF5924 AlternateDataStreams: C:\ProgramData\TEMP:EBF0842B AlternateDataStreams: C:\ProgramData\TEMP:EC0A74A1 AlternateDataStreams: C:\ProgramData\TEMP:ED0B32CA AlternateDataStreams: C:\ProgramData\TEMP:ED92736E AlternateDataStreams: C:\ProgramData\TEMP:EDB03249 AlternateDataStreams: C:\ProgramData\TEMP:EDF12A30 AlternateDataStreams: C:\ProgramData\TEMP:EE198B1F AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC AlternateDataStreams: C:\ProgramData\TEMP:EE445D7C AlternateDataStreams: C:\ProgramData\TEMP:EF0BD3A1 AlternateDataStreams: C:\ProgramData\TEMP:EF0F3F33 AlternateDataStreams: C:\ProgramData\TEMP:EF123AF6 AlternateDataStreams: C:\ProgramData\TEMP:EF53A5CA AlternateDataStreams: C:\ProgramData\TEMP:F1174C93 AlternateDataStreams: C:\ProgramData\TEMP:F135A76C AlternateDataStreams: C:\ProgramData\TEMP:F1381B87 AlternateDataStreams: C:\ProgramData\TEMP:F13867C6 AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 AlternateDataStreams: C:\ProgramData\TEMP:F26F5952 AlternateDataStreams: C:\ProgramData\TEMP:F2B81C2E AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD AlternateDataStreams: C:\ProgramData\TEMP:F2EDC57C AlternateDataStreams: C:\ProgramData\TEMP:F2F0A8AC AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE AlternateDataStreams: C:\ProgramData\TEMP:F49868C8 AlternateDataStreams: C:\ProgramData\TEMP:F4BF61E8 AlternateDataStreams: C:\ProgramData\TEMP:F52DB269 AlternateDataStreams: C:\ProgramData\TEMP:F56BE392 AlternateDataStreams: C:\ProgramData\TEMP:F5B99CA4 AlternateDataStreams: C:\ProgramData\TEMP:F610C203 AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4 AlternateDataStreams: C:\ProgramData\TEMP:F6DA3F39 AlternateDataStreams: C:\ProgramData\TEMP:F74EC668 AlternateDataStreams: C:\ProgramData\TEMP:F7BF538D AlternateDataStreams: C:\ProgramData\TEMP:F7F4DC88 
AlternateDataStreams: C:\Users\Bernhard Gramüller\Downloads\PayPal_aktualisiert_die_AGB.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ogmservice => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================

Date: 2013-01-25 06:34:09.455
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-25 06:25:58.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 22:14:30.635
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 21:32:44.012
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 19:49:09.962
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 18:38:08.596
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 16:15:13.727
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 15:11:19.212
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 14:48:34.356
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-24 12:10:48.436
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4094.05 MB
Available physical RAM: 2277.26 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 6051.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:636.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:232.42 GB) (Free:203.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:233.34 GB) (Free:233.23 GB) NTFS
Drive f: (PX-1263) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3EEEB4A7)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 4B83CCE6)
Partition 1: (Active) - (Size=232 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=OF Extended)

==================== End Of Log ============================

I could not create the GMER log, because both times the program hung in the middle of the scan and froze my PC along with it. I hope you can help me, I'm already getting a bit desperate. Thanks in advance, Andrea |
03.07.2014, 06:50 | #2 |
/// the machine /// TB instructor | Windows 7 - V-9.1HD - stubborn little devil hi,
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with Combofix
__________________ |
03.07.2014, 16:45 | #3 |
| Windows 7 - V-9.1HD - stubborn little devil Thanks for the quick reply, I must have overlooked the part about the CODE tags, sorry.
I'll take care of it first thing tomorrow when I'm back at the PC. |
04.07.2014, 13:08 | #4 |
/// the machine /// TB instructor | Windows 7 - V-9.1HD - stubborn little devil ok
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |