| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 64 Zahnrad taucht öfter in Taskleiste aufWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.12.2014, 14:26
| #1 |
 |  Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo Trojaner Board Support, seid heute bemerke ich, dass ein Zahnrad immer wieder in meiner Taskleiste auftaucht, was dort nicht hingehört. Es taucht kurz auf und verschwindet, bevor ich es überhaupt mal anwählen kann. Ich kann leider überhaupt nicht sagen, welche Software/Schadsoftware dahinter steckt. Hier sind schon mal ein paar aktuelle Logfiles dazu. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.12.2014 Suchlauf-Zeit: 09:59:31 Logdatei: Hilfe.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.22.03 Rootkit Datenbank: v2014.12.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: mathiaswolfgang Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 362319 Verstrichene Zeit: 23 Min, 33 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 1 PUP.Optional.DownloadAdmin, C:\Users\mathiaswolfgang\Downloads\chatbot-setup.exe, In Quarantäne, [d449e77cbac2bd79216e2e2a09f7b44c], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter 360 Internet Security Scan log
Virus Database version: 2014-12-22 08:43
Date & time: 2014-12-22 13:58:08
Time elapsed: 00:04:08
Type: Quick Scan
Files scanned: 12408
Threats: 0
Threats cleared: 0
Current scan settings
----------------------
Scanned all files: No
Scanned Zip files: No
Resolution: User to decide on resolution
Scanned disk Boot Sector: Yes
Scanned for Rootkit: No
Used Cloud Engine: Yes
QVM Engine: Yes
Automatically repair: Yes
AV Engine settings: BitDefender
Scan content
----------------------
C:\Windows
C:\Windows\system
C:\Windows\system32
C:\Windows\fonts
C:\Windows\system32\drivers
C:\Windows\system32\dllcache
C:\Windows\temp
C:\Windows\tasks
C:\Windows\inf
C:\Program Files\Common Files
C:\Program Files\Common Files\System
C:\Program Files\Common Files\Microsoft Shared\DAO
Whitelist
----------------------
C:\SPIELE\Sword\MCIPlay.exe
Scan results
======================
No threats detected
Suspicious file upload results
----------------------
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Upload failed
Code:
ATTFilter OTL logfile created on: 22.12.2014 13:51:07 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mathiaswolfgang\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17126) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 30,89% Memory free 4,00 Gb Paging File | 1,89 Gb Available in Paging File | 47,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 118,51 Gb Free Space | 79,51% Space Free | Partition Type: NTFS Drive D: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 223,56 Gb Total Space | 223,47 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Computer Name: DANTE_HASTA_PC | User Name: mathiaswolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\mathiaswolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation) PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe () PRC - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe () PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () PRC - C:\Programme\360\360 Internet Security\safemon\360Tray.exe (Qihu 360 Software Co., Ltd.) PRC - C:\Programme\360\360 Internet Security\deepscan\QHActiveDefense.exe (Qihu 360 Software Co., Ltd.) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mobile Partner\QtGui4.dll () MOD - C:\Program Files (x86)\Mobile Partner\QtCore4.dll () MOD - C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll () MOD - C:\Program Files (x86)\Mobile Partner\NDISAPI.dll () MOD - C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\PluginContainer.dll () MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe () MOD - C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\core.dll () MOD - C:\Program Files (x86)\Mobile Partner\QtXml4.dll () MOD - C:\Program Files (x86)\Mobile Partner\USSDUIPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\Proxy.DLL () MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll () MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\sdk.dll () MOD - C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL () MOD - C:\Program Files (x86)\Mobile Partner\AtCodec.dll () MOD - C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\Common.dll () MOD - C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\XCodec.dll () MOD - C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\Trace.dll () MOD - C:\Program Files (x86)\Mobile Partner\OSDialup.dll () MOD - C:\Program Files (x86)\Mobile Partner\OSNDIS.dll () MOD - C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll () MOD - C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\Win7Support.dll () MOD - C:\Program Files (x86)\Mobile Partner\OSAdapt.dll () MOD - C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll () MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll () MOD - C:\Program Files (x86)\Mobile Partner\OSCall.dll () MOD - C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll () MOD - C:\Program Files (x86)\Mobile Partner\mingwm10.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation) SRV - (backupsvc5) -- C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe (Digital Dynamic) SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe () SRV - (ZhuDongFangYu) -- C:\Programme\360\360 Internet Security\deepscan\QHActiveDefense.exe (Qihu 360 Software Co., Ltd.) SRV - (360rp) -- C:\Programme\360\360 Internet Security\360rps.exe (Qihu 360 Software Co., Ltd.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (scan) -- C:\Programme\360\360 Internet Security\scan.dll (S.C. BitDefender S.R.L) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Driver Services (SafeList) ========== DRV:64bit: - (360fsflt) -- C:\Windows\SysNative\drivers\360FsFlt.sys (Qihu 360 Software Co., Ltd.) DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (360Box64) -- C:\Windows\SysNative\drivers\360Box64.sys (Qihu 360 Software Co., Ltd.) DRV:64bit: - (360Camera) -- C:\Windows\SysNative\drivers\360Camera64.sys (Qihu 360 Software Co., Ltd.) DRV:64bit: - (360AvFlt) -- C:\Windows\SysNative\drivers\360AvFlt.sys (Qihu 360 Software Co., Ltd.) DRV:64bit: - (360AntiHacker) -- C:\Windows\SysNative\drivers\360AntiHacker64.sys (Qihu 360 Software Co., Ltd.) DRV:64bit: - (BAPIDRV) -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS (Qihu 360 Software Co., Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 45 51 D6 D6 66 CF 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Ma-Config.com plugin (Enabled) = F:\Program Files\ma-config.com\nphardwaredetection.dll CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.10.3_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb\1.0.24_0\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Programme\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [360sd] C:\Program Files\360\360 Internet Security\360sdrun.exe (Qihu 360 Software Co., Ltd.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: NameServer = 193.189.244.206 193.189.244.225 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{4d6118ff-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{4d6118ff-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4d611902-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{4d611902-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4d611962-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{4d611962-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4d611965-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{4d611965-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone) O33 - MountPoints2\{5d3367e2-d2c9-11e3-8b1b-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{5d3367e2-d2c9-11e3-8b1b-001966aa7536}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6aa04554-e2f5-11e3-bf51-001e101fb681}\Shell - "" = AutoRun O33 - MountPoints2\{6aa04554-e2f5-11e3-bf51-001e101fb681}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6b4f9a42-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{6b4f9a42-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6b4f9a82-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{6b4f9a82-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6b4f9a88-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{6b4f9a88-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b2aed7e2-072a-11e4-9f5e-001e101f36d9}\Shell - "" = AutoRun O33 - MountPoints2\{b2aed7e2-072a-11e4-9f5e-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ef4ae850-f0b7-11e3-8d17-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ef4ae850-f0b7-11e3-8d17-806e6f6e6963}\Shell\AutoRun\command - "" = D:\run.exe O33 - MountPoints2\{f119d995-83b4-11e4-b98e-001966aa7536}\Shell - "" = AutoRun O33 - MountPoints2\{f119d995-83b4-11e4-b98e-001966aa7536}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone) O33 - MountPoints2\{f8bb63f8-d2c5-11e3-b105-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8bb63f8-d2c5-11e3-b105-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\cbs.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.12.22 13:52:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2014.12.22 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\voxelands-1412.00-win32 [2014.12.21 20:59:06 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Alice [2014.12.21 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Meine Pascal Programme [2014.12.21 11:26:42 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\lhelp [2014.12.21 08:18:22 | 000,000,000 | ---D | C] -- C:\OnlineUpdate [2014.12.21 08:18:22 | 000,000,000 | ---D | C] -- C:\log [2014.12.21 07:12:30 | 000,000,000 | ---D | C] -- C:\lazarus [2014.12.21 07:10:24 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\lazarus [2014.12.21 07:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus [2014.12.20 15:04:36 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\voxelands-1411.03-win32 [2014.12.20 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\Roblox [2014.12.18 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Savegame [2014.12.15 21:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014.12.14 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Neinmal Klug [2014.12.12 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Processing [2014.12.12 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\Processing [2014.12.12 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\processing-2.2.1 [2014.12.12 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Noocraft Server EN [2014.12.12 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Noocraft EN [2014.12.12 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Zauberkraft [2014.12.10 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs [2014.12.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Temp [2014.12.10 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\DJJava [2014.12.10 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2014.12.10 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\DbgLogs [2014.12.07 01:29:43 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\gnomescroll21 [2014.12.06 19:44:29 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64 [2014.12.06 19:32:16 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Eternal Lands [2014.12.06 14:02:50 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Blockland [2014.12.05 19:22:55 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\My [2014.12.05 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher [2014.12.05 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher [2014.12.04 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary [2014.12.04 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ [2014.12.01 11:15:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mathiaswolfgang\Desktop\OTL.exe [2014.12.01 11:11:03 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.12.01 11:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.12.01 11:10:33 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.12.01 11:10:22 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.12.01 11:10:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.12.01 11:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.12.01 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.11.27 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\java [2014.11.27 00:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2014.11.23 19:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2014.11.23 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\LiquidCubed-1.0.4c [2014.11.22 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2014.11.22 22:00:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.12.22 13:41:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.12.22 11:41:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.12.22 10:32:55 | 000,033,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.12.22 10:32:55 | 000,033,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.12.22 10:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.12.22 10:24:58 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2014.12.22 09:59:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.12.20 14:42:02 | 239,921,322 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014.12.18 13:45:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.12.14 18:53:48 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.12.14 18:53:48 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.12.14 18:53:48 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.12.14 18:53:48 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.12.14 18:53:48 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.12.07 09:46:27 | 000,308,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.12.01 11:16:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mathiaswolfgang\Desktop\OTL.exe [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.12.22 13:55:34 | 003,826,628 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2014.12.20 14:42:02 | 239,921,322 | ---- | C] () -- C:\Windows\MEMORY.DMP [2014.12.01 11:10:38 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.09.24 07:23:15 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL [2014.09.24 07:23:15 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL [2014.09.04 13:26:05 | 000,000,219 | ---- | C] () -- C:\Windows\spearhead.ini [2014.09.03 17:42:03 | 000,026,624 | ---- | C] () -- C:\Windows\SwordUn.EXE [2014.09.03 16:22:59 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2014.09.03 15:19:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll [2014.09.03 15:16:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\PATCHW32.DLL [2014.09.03 15:16:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\PATCHW.DLL [2014.08.30 15:43:07 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\fgkey.exe [2014.06.04 20:11:39 | 000,007,609 | ---- | C] () -- C:\Users\mathiaswolfgang\AppData\Local\Resmon.ResmonCfg [2014.05.04 10:06:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.12.19 14:28:18 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft [2014.05.30 00:05:00 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\.mono [2014.12.22 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\360safe [2014.05.05 00:38:24 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\360SD [2014.07.22 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\3909 LLC [2014.10.04 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Das Fussball Studio [2014.12.10 19:57:08 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\DJJava [2014.07.13 08:50:24 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Foxit Software [2014.11.27 01:00:02 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\java [2014.11.11 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\mana [2014.05.12 23:18:23 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Online Games Downloader [2014.05.28 08:50:05 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\OpenOffice [2014.05.20 17:30:03 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software [2014.12.12 20:42:18 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Processing [2014.12.05 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher [2014.05.30 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Unity [2014.09.15 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Vodafone [2014.12.22 13:44:43 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Mit freundlichen Grüßen, Dante Hasta Update: mehrere Versuche einen Screenshot anzufertigen scheiterten. Dafür poppt das Zahnrad einfach zu kurz auf. So kann ich auch nicht feststellen, welches Programm dahinter steckt. |
|
22.12.2014, 15:31
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
22.12.2014, 20:36
| #3 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo @schrauber,
__________________vielen Dank für Deine Hilfe. Hier sind die benötigten Log Files. FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 22-12-2014 16:48:53
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Digital Dynamic) C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2072576 2008-07-04] (Vodafone)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: D - D:\cbs.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d6118ff-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611902-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611962-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611965-6d56-11e4-89d7-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {5d3367e2-d2c9-11e3-8b1b-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6aa04554-e2f5-11e3-bf51-001e101fb681} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a42-3c02-11e4-b851-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a82-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a88-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {b2aed7e2-072a-11e4-9f5e-001e101f36d9} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {ef4ae850-f0b7-11e3-8d17-806e6f6e6963} - D:\run.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f119d995-83b4-11e4-b98e-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f8bb63f8-d2c5-11e3-b105-806e6f6e6963} - D:\AutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Google Mail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 backupsvc5; C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe [1473024 2014-06-10] (Digital Dynamic) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 16:48 - 2014-12-22 16:49 - 00016509 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2014-12-22 16:48 - 2014-12-22 16:49 - 00000000 ____D () C:\FRST
2014-12-22 16:35 - 2014-12-22 16:47 - 02122240 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\NVIDIA
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 15:03 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-22 15:03 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-22 15:03 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-22 15:03 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-22 15:03 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-22 15:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 15:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 15:03 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 15:03 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 14:38 - 2014-12-22 14:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 14:38 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-22 14:23 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-22 14:23 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-22 14:23 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-12-22 14:23 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-22 14:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-22 14:07 - 2014-12-22 14:07 - 00079288 _____ () C:\Users\mathiaswolfgang\Desktop\OTL.Txt
2014-12-22 14:05 - 2014-12-22 14:05 - 00001310 _____ () C:\Users\mathiaswolfgang\Desktop\Hilfe.txt
2014-12-22 14:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 14:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 14:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 14:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-22 13:56 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-22 13:55 - 2014-07-02 11:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-22 13:37 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-22 13:37 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-22 13:33 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-22 13:33 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-22 13:33 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-22 13:33 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-22 13:33 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-22 12:03 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 12:03 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 12:03 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 12:03 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 12:03 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 12:03 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 12:03 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 12:03 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 12:03 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 12:03 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 12:03 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 12:03 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 12:03 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 12:03 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 12:03 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 12:03 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 12:03 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 12:03 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 12:03 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 12:03 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 12:03 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 12:03 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 11:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 11:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 10:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-22 10:59 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-22 10:57 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-22 10:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 10:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 10:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 10:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 10:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 10:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 10:56 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-22 10:56 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 10:55 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 10:55 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 10:55 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 10:55 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 10:54 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 10:54 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 10:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 10:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 10:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 10:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 10:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 10:54 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-22 10:54 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-22 10:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 10:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 10:52 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 10:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 10:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 10:52 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 10:52 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 10:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 10:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 10:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 10:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 10:52 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-22 10:52 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-22 10:52 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-22 10:52 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-22 10:52 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-22 10:52 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-22 10:51 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 10:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 10:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 10:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 10:47 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-22 10:47 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-22 10:47 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-22 10:47 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-22 10:46 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 10:46 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 10:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 10:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 10:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 10:41 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-22 10:41 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-22 00:11 - 2014-12-22 00:13 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\voxelands-1412.00-win32
2014-12-22 00:10 - 2014-12-22 00:11 - 10607192 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1412.00-win32.zip
2014-12-21 20:59 - 2014-12-21 20:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Alice
2014-12-21 20:58 - 2014-12-21 20:58 - 00544860 _____ () C:\Users\mathiaswolfgang\Downloads\winalice.zip
2014-12-21 20:41 - 2014-12-21 20:41 - 00198694 _____ () C:\Users\mathiaswolfgang\Downloads\cbsetup.exe
2014-12-21 20:32 - 2014-12-21 20:32 - 02709185 _____ () C:\Users\mathiaswolfgang\Downloads\dany11122000.zip
2014-12-21 20:18 - 2014-12-21 20:18 - 00002984 _____ () C:\Windows\System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67}
2014-12-21 20:18 - 2014-12-21 20:18 - 00000064 _____ () C:\Windows\SysWOW64\jeliza.log
2014-12-21 20:14 - 2014-12-21 20:15 - 07101452 _____ (Tobias Schulz ) C:\Users\mathiaswolfgang\Downloads\jeliza-setup-2.2.2.exe
2014-12-21 12:16 - 2014-12-21 15:32 - 00000000 ____D () C:\Users\Public\Documents\Meine Pascal Programme
2014-12-21 11:26 - 2014-12-21 11:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lhelp
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\OnlineUpdate
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\log
2014-12-21 07:12 - 2014-12-21 10:46 - 00000000 ____D () C:\lazarus
2014-12-21 07:10 - 2014-12-21 12:20 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lazarus
2014-12-21 07:06 - 2014-12-21 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2014-12-21 06:55 - 2014-12-21 06:59 - 113534648 _____ (Lazarus Team ) C:\Users\mathiaswolfgang\Downloads\lazarus-1.2.6-fpc-2.6.4-win64.exe
2014-12-20 18:09 - 2014-12-20 18:11 - 16359964 _____ () C:\Users\mathiaswolfgang\Downloads\Vox_v0.34_DEMO.rar
2014-12-20 15:04 - 2014-12-20 15:08 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\voxelands-1411.03-win32
2014-12-20 14:42 - 2014-12-20 14:42 - 239921322 _____ () C:\Windows\MEMORY.DMP
2014-12-20 14:42 - 2014-12-20 14:42 - 00290728 _____ () C:\Windows\Minidump\122014-21453-01.dmp
2014-12-20 01:06 - 2014-12-20 01:17 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Roblox
2014-12-20 01:02 - 2014-12-20 01:02 - 00639856 _____ (ROBLOX Corporation) C:\Users\mathiaswolfgang\Downloads\RobloxPlayerLauncher.exe
2014-12-19 12:29 - 2014-12-22 15:31 - 00000560 _____ () C:\Windows\setupact.log
2014-12-19 12:29 - 2014-12-19 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 11:09 - 2014-12-19 12:16 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Savegame
2014-12-17 15:23 - 2014-12-17 15:23 - 02350021 _____ () C:\Users\mathiaswolfgang\Downloads\mcpatcher-4.3.2_03.exe
2014-12-15 21:49 - 2014-12-15 21:48 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-15 21:45 - 2014-12-15 21:47 - 31036328 _____ (Oracle Corporation) C:\Users\mathiaswolfgang\Downloads\jre-7u72-windows-x64.exe
2014-12-15 20:28 - 2014-12-15 20:29 - 07327993 _____ () C:\Users\mathiaswolfgang\Downloads\Millenaire5.2.zip
2014-12-15 20:20 - 2014-12-15 20:20 - 02965069 _____ () C:\Users\mathiaswolfgang\Downloads\forge-1.7.2-10.12.2.1147-installer-win.exe
2014-12-15 20:12 - 2014-12-15 20:12 - 02136983 _____ () C:\Users\mathiaswolfgang\Downloads\MillenaireInstallerWindows1.3.zip
2014-12-15 13:41 - 2014-12-15 13:41 - 00152007 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Formel+Objekte.rar
2014-12-15 13:30 - 2014-12-15 13:30 - 00014457 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Routine.zip
2014-12-14 16:23 - 2014-12-22 12:26 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Neinmal Klug
2014-12-14 16:22 - 2014-12-14 16:22 - 00238715 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug.zip
2014-12-14 16:20 - 2014-12-14 16:20 - 00870079 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug-SETUP.zip
2014-12-14 16:04 - 2014-12-14 16:04 - 00003086 _____ () C:\Windows\System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746}
2014-12-12 18:13 - 2014-12-12 18:14 - 05415903 _____ () C:\Users\mathiaswolfgang\Downloads\JehkobasFantasy_4.zip
2014-12-12 17:22 - 2014-12-12 20:42 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Processing
2014-12-12 17:22 - 2014-12-12 17:22 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Processing
2014-12-12 17:17 - 2014-12-20 20:38 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\processing-2.2.1
2014-12-12 17:07 - 2014-12-12 17:14 - 116409778 _____ () C:\Users\mathiaswolfgang\Downloads\processing-2.2.1-windows64.zip
2014-12-12 16:08 - 2014-12-12 16:08 - 01555478 _____ () C:\Users\mathiaswolfgang\Downloads\NoocraftSource.zip
2014-12-12 15:45 - 2014-12-12 15:45 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Noocraft Server EN
2014-12-12 15:44 - 2014-12-12 16:10 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Noocraft EN
2014-12-12 15:44 - 2014-12-12 15:44 - 02636463 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_EN_0.2.6.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 00455033 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_Server_EN_0.2.6.zip
2014-12-12 14:32 - 2014-12-12 14:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Zauberkraft
2014-12-12 14:31 - 2014-12-12 14:31 - 01006702 _____ () C:\Users\mathiaswolfgang\Downloads\ZauberCraft.zip
2014-12-12 14:13 - 2014-12-12 14:13 - 01572449 _____ () C:\Users\mathiaswolfgang\Downloads\Portfolio ICT6 tijdsroosters.zip
2014-12-10 19:55 - 2014-12-22 13:57 - 00000000 ____D () C:\Temp
2014-12-10 19:54 - 2014-12-10 19:57 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
2014-12-10 19:54 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 19:50 - 2014-12-10 19:51 - 07543096 _____ () C:\Users\mathiaswolfgang\Downloads\SetupDJ312RN.exe
2014-12-10 16:40 - 2014-12-10 16:40 - 00736405 _____ () C:\Users\mathiaswolfgang\Downloads\4394.tmp
2014-12-07 11:57 - 2014-12-07 11:58 - 10567318 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1411.03-win32.zip
2014-12-07 01:29 - 2014-12-07 01:30 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\gnomescroll21
2014-12-06 19:44 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64
2014-12-06 19:42 - 2014-12-06 19:44 - 19461558 _____ () C:\Users\mathiaswolfgang\Downloads\minetest-0.4.10-win64-mingw.zip
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Eternal Lands
2014-12-06 14:02 - 2014-12-06 14:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Blockland
2014-12-05 19:48 - 2014-12-05 19:48 - 00003218 _____ () C:\Windows\System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6}
2014-12-05 19:22 - 2014-12-22 13:28 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\My
2014-12-05 19:17 - 2014-12-05 19:20 - 34469764 _____ () C:\Users\mathiaswolfgang\Downloads\Mythruna-20120627-Windows.zip
2014-12-05 18:54 - 2014-12-05 18:56 - 15529819 _____ () C:\Users\mathiaswolfgang\Downloads\gnomescroll21.zip
2014-12-05 18:06 - 2014-12-05 18:07 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
2014-12-05 18:05 - 2014-12-05 18:06 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher
2014-12-05 18:04 - 2014-12-05 18:05 - 02650488 _____ () C:\Users\mathiaswolfgang\Downloads\TerasologyLauncher.zip
2014-12-04 19:24 - 2014-12-04 19:45 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary
2014-12-04 19:23 - 2014-12-04 19:23 - 03835252 _____ () C:\Users\mathiaswolfgang\Downloads\ManicDigger2014-08-05Binary.zip
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ
2014-12-04 17:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-04 17:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-04 11:01 - 2014-12-04 11:04 - 42776464 _____ () C:\Users\mathiaswolfgang\Downloads\Terasology.zip
2014-12-01 11:15 - 2014-12-01 11:16 - 00602112 _____ (OldTimer Tools) C:\Users\mathiaswolfgang\Desktop\OTL.exe
2014-12-01 11:11 - 2014-12-22 14:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 11:10 - 2014-12-18 13:45 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-01 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 11:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 01:00 - 2014-11-27 01:00 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\java
2014-11-27 00:58 - 2014-12-15 21:48 - 00000000 ____D () C:\Program Files\Java
2014-11-23 19:04 - 2014-11-23 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-11-23 19:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-11-23 19:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-11-23 19:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-11-23 19:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-23 19:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-11-23 19:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-11-23 18:36 - 2014-11-23 19:07 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\LiquidCubed-1.0.4c
2014-11-22 22:00 - 2014-11-22 22:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-22 22:00 - 2014-11-22 22:00 - 00000000 ____D () C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 16:47 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2014-12-22 16:41 - 2014-09-30 18:50 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft
2014-12-22 16:41 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 16:37 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2014-12-22 16:33 - 2014-05-03 14:26 - 01502273 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 16:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 15:37 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 15:37 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 15:33 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 15:32 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 15:32 - 2009-07-14 05:45 - 00296120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 15:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 15:31 - 2010-11-21 04:47 - 00558922 _____ () C:\Windows\PFRO.log
2014-12-22 15:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 15:28 - 2014-05-06 10:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 15:28 - 2011-04-12 08:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 14:15 - 2014-05-04 10:06 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-22 14:15 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 14:15 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 14:15 - 2009-07-14 06:13 - 01591896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 13:57 - 2014-05-29 13:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-22 13:22 - 2014-10-03 13:33 - 00000000 __SHD () C:\360Rec
2014-12-22 11:52 - 2014-09-17 14:07 - 00000000 ____D () C:\Seven Kingdoms AA
2014-12-21 20:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-20 14:42 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 14:38 - 2014-07-05 18:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Skype
2014-12-18 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 15:33 - 2014-11-01 12:32 - 00000000 ____D () C:\Program Files (x86)\INNRevival
2014-12-18 13:49 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 15:51 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2014-12-17 15:51 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 18:18 - 2014-07-05 18:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-14 18:18 - 2014-07-05 18:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-13 19:39 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2014-12-12 14:15 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2014-12-09 15:55 - 2014-10-27 18:00 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Minecraft Karten Betrachter
2014-12-08 15:55 - 2014-08-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Sting
2014-12-06 14:03 - 2014-09-23 21:56 - 00000000 ____D () C:\ae
2014-12-06 14:03 - 2014-09-15 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO1602
2014-12-05 19:25 - 2014-05-03 14:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\VirtualStore
2014-12-05 18:07 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2014-12-05 13:57 - 2014-11-04 11:58 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\BB 3D
2014-12-04 20:55 - 2014-05-12 19:49 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Facebook
2014-12-04 19:12 - 2014-05-03 14:54 - 00064808 _____ () C:\Users\mathiaswolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 18:48 - 2014-09-18 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2014-12-04 18:48 - 2014-09-18 07:50 - 00000000 ____D () C:\Westwood
2014-12-04 18:48 - 2014-09-11 00:13 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-12-04 18:47 - 2014-09-15 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Reign
2014-12-04 18:46 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-04 18:44 - 2014-09-03 07:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-04 18:43 - 2014-05-03 14:54 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Deployment
2014-11-27 00:58 - 2014-09-30 18:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 06:43 - 2014-06-07 09:56 - 00000422 _____ () C:\Users\mathiaswolfgang\Documents\ortizboy.txt
Some content of TEMP:
====================
C:\Users\mathiaswolfgang\AppData\Local\Temp\project1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:54
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by mathiaswolfgang at 2014-12-22 16:50:52
Running from C:\Users\mathiaswolfgang\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Advanced Backup Manager 4.1.14159.376 (HKLM\...\Advanced Backup Manager) (Version: 4.1.14159.376 - Digital Dynamic)
Blitz3D 1.108 (HKLM-x32\...\Blitz3D_is1) (Version: - Blitz Research Ltd)
Byteria Saga: Heroine Iysayana (HKLM-x32\...\Byteria Saga: Heroine Iysayana) (Version: - )
CrystalDiskInfo 6.1.14 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sting (HKLM-x32\...\Sting) (Version: - )
Sword (HKLM-x32\...\Sword) (Version: - )
Tower of the Ancients (HKLM-x32\...\{450A87FC-AEEB-4D21-900B-821E0846A24C}) (Version: - )
Unity Web Player (HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.1.211.000 - Check Point)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {103CA69D-71EA-4879-8C1B-B33A9435BA2E} - System32\Tasks\{4D0958FC-8AF8-4B4D-8952-A526B9634B1F} => D:\SEAFGT.EXE
Task: {14759DF3-7312-4CBF-AC68-E618F5150B6C} - System32\Tasks\{5F49EADF-C2C2-47EF-87E5-9B6E10C34CAC} => D:\Dream_dt\SETUP.EXE
Task: {1FC4984D-3C8A-4985-A542-F36D1A07D116} - System32\Tasks\{006D70BB-ECED-4F93-AB60-01163E21710D} => D:\Sword\SwordTe.exe
Task: {224A13A1-F8EE-4881-9B6B-2CFB2FD4259B} - System32\Tasks\{9CDB3321-E3BA-4283-BD73-8FFD21BE17AF} => C:\I-Magic\Vangers\road.exe
Task: {277AF161-C08E-45F4-8795-37A0A787DA55} - System32\Tasks\{E0D2FC71-2C21-46FF-9BDB-D5CA7EEC0296} => C:\I-Magic\Vangers\road.exe
Task: {33E9FA45-81A0-4A64-A5CC-8F9C068790F6} - System32\Tasks\{3FC4F284-82F6-4A11-B433-948210E9E3F2} => D:\MEDIA1.EXE
Task: {34EE2922-C999-462A-9563-9D050D445B1A} - System32\Tasks\{26B8FE32-186D-4842-A901-F4081FE7B812} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {39AD6171-BFA6-452F-AC19-CEC9BBB6199B} - System32\Tasks\{F39CADE0-2891-457C-A8D1-B04F90F978A0} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\install.exe
Task: {4336ABF0-3907-4B52-A69B-CF48377E974F} - System32\Tasks\{C4C0A2E8-0E08-4761-B2F1-29DC4A910901} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\SoMX.exe
Task: {4AB4B796-41D8-493A-AB71-378D409CAFA7} - System32\Tasks\{F6C9D31A-CB1B-4EA6-86BD-310E6AB1DB6F} => pcalua.exe -a D:\Install\Install.exe -d D:\Install
Task: {4E7DC9EC-9EDD-4F58-A7FF-9A40FFEF87BF} - System32\Tasks\Opera scheduled Autoupdate 1400603381 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {56E6FEAD-41BA-4361-8CA8-CD5392AA0E41} - \{B74DDCF5-CAC6-4139-9FF5-06659E17E212} No Task File <==== ATTENTION
Task: {5F27719C-61FF-44BE-835E-1A3EE1A36DF0} - System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67} => C:\Program Files (x86)\JEliza\JElizaGtk.exe
Task: {60159C16-C7E5-4757-AEC3-EE882B1A363B} - System32\Tasks\{6394D897-7E0D-420D-883E-D9B134FA6619} => D:\Sword\Sword.exe
Task: {6039C3EF-BDA2-4AAF-9F7A-324060F43AC8} - System32\Tasks\{6A3B89AA-285D-46DB-BEB2-096D88AFEDB1} => C:\Users\mathiaswolfgang\Desktop\traumfra.exe
Task: {6312C131-5BC9-4899-BE0A-77AA826F27DF} - System32\Tasks\{3EE3C452-E5E3-483D-B559-372AE53DC331} => C:\Users\mathiaswolfgang\Downloads\KOTCDemoVersion115.exe
Task: {63B9FC30-572A-465A-B556-0CA2CEF4CCE5} - System32\Tasks\{585F4A47-9843-4995-9415-B6BC24375FA3} => D:\SETUP.EXE
Task: {68E328C7-0CCB-4122-B645-F84FF4122B61} - System32\Tasks\{D5C943D5-8E47-49C7-9864-5825532A965F} => D:\exe\Stx.exe
Task: {6FFA9207-9300-4966-A3E0-3686CA2A9429} - System32\Tasks\{C04DCB75-EEA5-4E3D-8897-E68E0A5C7205} => D:\start31.exe
Task: {85141D60-C255-4537-991D-2D9F888653EF} - System32\Tasks\{173269E1-DB92-4BC7-A7F5-3E195645AC79} => D:\3DXWD\3DXWD.EXE
Task: {8A534365-EC81-46A4-BB3D-B47BD0E87F1B} - System32\Tasks\{9F52D3D2-EC42-4F1C-AF45-23F6F743CB52} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {9A84E65E-215C-4F69-816D-9119E1F13732} - System32\Tasks\{9DF6BE12-B8DC-42CB-9DEA-39E621FA85DD} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {9D7B9672-2863-40C0-9A4E-9449177B6265} - System32\Tasks\fsupdate => C:\PROGRA~2\Flowsurf\fsupd.exe <==== ATTENTION
Task: {A2389745-078B-4AAA-8842-9E0976199393} - System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6} => pcalua.exe -a C:\Users\mathiaswolfgang\Desktop\My\Mythruna-20120627.exe -d C:\Users\mathiaswolfgang\Desktop\My
Task: {AA53B750-E789-425D-85EB-469C6C0D1964} - System32\Tasks\{1D5E208F-1715-4B64-BD80-FDB73055025F} => D:\Autorun.exe
Task: {AED6060A-020B-4744-878C-0F35F761B657} - System32\Tasks\{06879CE2-18CC-44CD-9514-05BB7788BF13} => C:\SPIELE\abandoned-places-a-time-for-heroes\START.EXE
Task: {B0F2FEFB-EE88-4056-81CC-89A5B8E54388} - System32\Tasks\{40AB0AC0-D60D-405F-A423-51F08F6CC298} => C:\Users\mathiaswolfgang\Eigene Spiele\Neuer Ordner\LORD.EXE
Task: {BB09B646-6673-40E5-88B9-7D99E1D3BD66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {BD068070-8542-4A0D-81B4-FA4D386FC677} - System32\Tasks\{616F63CC-AB51-49F0-956C-BF81443F17BB} => C:\I-Magic\Vangers\road.exe
Task: {C4F577FA-57C4-4CBD-8456-1BEF8AFFDA1F} - System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746} => C:\Program Files (x86)\Pennsylvania State University CSE420W Project Group\AIBuddy\AIBuddy.exe
Task: {C9FFCEB4-FFC1-47A4-87E6-FB0410791F25} - System32\Tasks\{3B295F15-D02F-463C-8F98-E34FD7AB049E} => D:\Sword\SwordTe.exe
Task: {D48A42A4-68CC-4A0F-8758-2A5E7EE524C3} - System32\Tasks\{EF76FD33-39D9-44D1-87DB-4B480049FA1B} => C:\Program Files (x86)\ForgottenWorld\fw.exe
Task: {D889E863-625A-442E-A94A-6B09FB5127B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {DB6B0351-2489-4014-A3D9-C7BF1380BBF6} - System32\Tasks\{441E379D-BE8D-43C9-8F73-E0E8CDA6F803} => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {F03A26BD-080E-464D-80C2-135690D7FE84} - System32\Tasks\{A81AE87E-602B-4B31-8637-3F6F9BB1868B} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {F09F4A6A-4B58-4DB7-AE8B-552E2D94AEE7} - System32\Tasks\{F2A810EA-B5FB-4E21-B49B-324741F9167A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-05-03 14:50 - 2014-05-03 14:49 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-05-29 13:04 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2014-12-17 15:51 - 2014-12-17 15:51 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00054696 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00198568 _____ () C:\Program Files\Java\jre7\bin\glass.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00640424 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00209832 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 14867368 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00320424 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-05-03 14:50 - 2014-05-03 14:49 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00427008 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00264192 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00382464 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2014-05-03 14:49 - 2014-05-03 14:49 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00237568 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00159744 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 01078272 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00538624 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00398336 _____ () C:\Program Files (x86)\Mobile Partner\QtXml4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00307200 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00441856 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00333824 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00295424 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00391168 _____ () C:\Program Files (x86)\Mobile Partner\USSDUIPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00484352 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00823808 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00771072 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00209408 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00263168 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2014-05-03 14:49 - 2014-05-03 14:49 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2014-05-03 14:49 - 2014-05-03 14:49 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-12-17 15:51 - 2014-12-17 15:51 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll
2014-12-17 15:51 - 2014-12-17 15:51 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll
2014-12-17 15:51 - 2014-12-17 15:51 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2014-12-17 15:51 - 2014-12-17 15:51 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3460778114-2026053698-264934852-500 - Administrator - Disabled)
Gast (S-1-5-21-3460778114-2026053698-264934852-501 - Limited - Disabled)
mathiaswolfgang (S-1-5-21-3460778114-2026053698-264934852-1000 - Administrator - Enabled) => C:\Users\mathiaswolfgang
UpdatusUser (S-1-5-21-3460778114-2026053698-264934852-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/22/2014 04:27:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (12/22/2014 03:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/22/2014 03:32:00 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (12/22/2014 03:29:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Entity, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
Error: (12/22/2014 03:28:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020).
Error: (12/22/2014 03:28:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile SMDiagnostics, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020).
Error: (12/22/2014 01:36:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/22/2014 01:33:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/22/2014 01:32:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (12/22/2014 01:03:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinAlice.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 558
Startzeit: 01d01dd9e3567282
Endzeit: 16
Anwendungspfad: C:\Users\mathiaswolfgang\Desktop\Alice\WinAlice.exe
Berichts-ID:
System errors:
=============
Error: (12/22/2014 03:35:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2952664)
Error: (12/22/2014 03:31:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/22/2014 03:31:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (12/22/2014 03:31:15 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (12/22/2014 03:29:55 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/22/2014 10:50:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error: (12/22/2014 10:34:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error: (12/22/2014 10:25:22 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error: (12/22/2014 10:25:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/22/2014 10:25:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Microsoft Office Sessions:
=========================
Error: (12/22/2014 04:27:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422
Error: (12/22/2014 03:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/22/2014 03:32:00 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (12/22/2014 03:29:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Entity, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
System.Data.Entity, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil
Error: (12/22/2014 03:28:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020).
SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil
Error: (12/22/2014 03:28:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile SMDiagnostics, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020).
SMDiagnostics, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil
Error: (12/22/2014 01:36:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (12/22/2014 01:33:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (12/22/2014 01:32:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (12/22/2014 01:03:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinAlice.exe0.0.0.055801d01dd9e356728216C:\Users\mathiaswolfgang\Desktop\Alice\WinAlice.exe
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 66%
Total physical RAM: 2047.3 MB
Available physical RAM: 688.99 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 1978.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Win7 Prof) (Fixed) (Total:149.05 GB) (Free:118.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Vodafone MCInsta) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive h: (Volume) (Fixed) (Total:223.56 GB) (Free:223.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: BA1BD3DB)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Vielleicht ist es wichtig, vielleicht hat es mit dem Problem nichts zu tun. Ich weiß es nicht. Ich habe aber festgestellt, dass scheinbar mit dem Zahnrad Symbol im Task Manager das Programm UIODetect.exe auftaucht und dann verschwindet. Update 2: Es deutete also irgendwie auf ein fehlerhaftes Programm hin und dieser Verdacht scheint sich zu erhärten. Ein Blick in die Ereignisanzeige brachte mir zumindest eine neue Erkenntnis.   Update 3: Das Problem scheint also die RunLiveUpdate.exe zu sein, aus meinem Mobile Partner Ordner. Nach dem ich diese probeweise in einen anderen Ordner verschoben habe, tauchte das Zahnrad nicht wieder auf. Als ich die Datei aber erneut in das Verzeichnis kopierte, tauchte das Zahnrad wieder auf, sowie weitere Meldungen in der Ereignisanzeige. Update 4: Meine Vermutung dazu. Ich verwende nicht mehr den Original Stick, der mit Mobile Partner ausgeliefert wird, sondern einen Ersatzstick. Dieser ist nach über 2 Jahren SimLock frei und funktioniert mit der SIM Karte problemlos. Allerdings könnte es Kompatibilitätsprobleme mit der Update Software auf dem Rechner geben, obwohl beides Huwai Sticks sind. Update 5: Es könnte aber auch Schadsoftware vorliegen, insofern verlasse ich mich da lieber auf ein Urteil von Dir schrauber, denn Du bist von uns beiden der Experte. Ich bin eher jemand, den man eigentlich nicht unbeaufsichtigt an einen PC lassen sollte. *seufz* |
|
23.12.2014, 17:56
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Du hast schon recht, ich würde Mobile Partner komplett deinstallieren und neu installieren. Trotzdem ist da noch bissl Arbeit. Was ist Laufwerk D und E?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.12.2014, 21:15
| #5 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo schrauber, Eine saubere Neuinstallation scheint mir auch die beste Option zu sein, wobei ich die Treiber leider nicht mehr auf einem USB Stick vorliegen habe. Denn dieser USB Stick ist durch einen Fall soweit beschädigt worden, dass er nicht mehr erkannt wird. Daher auch der Ersatz Stick, wo nicht Tchibo Software drauf ist, sondern Mobillfon Software, was mir aber wohl nicht weiter hilft. Kann ich mir aus dem Internet beziehen, oder vielleicht auch eine andere Software dafür. D: ist der USB Huwai Mobile Internet Stick von Vodafon E: hängt gerade nicht dran, solle aber die USB Einheit sein für das Kartenlesegerät. Wo ich meine Fotos aus der Kamera auslesen kann und auf den PC überspielen kann. Ein anderes Problem habe ich vermutlich schon entdeckt und vielleicht auch behoben. Der IDE Controller 2 soll defekt sein, was jetzt in den letzten Tagen den PC komplett lahm gelegt hat. Die SATA Festplatte ist zwar schon recht alt (5 Jahre) 14.000 Arbeitsstunden, wird aber vom Zustand her als gut bezeichnet, laut dem Bericht von Crystal Disk Info. Auch ein Test mittels dem Windows Boardwerkzeug scheint das zu bestätigen. Ich vermute die Achilles Verse dürfte das Mainboard sein. Habe jetzt das Kabel umgesteckt und die Fehler sind seitdem nicht mehr aufgetaucht. Des weiteren hat Windows beim letzten Update wieder nicht alles mit rüber bekommen. Der Grund dafür ist, dass mein Internetflat während des Downloads gedrosselt wurde. Anscheinend reicht bessere Modegeschwindigkeit (oder ISDN Speed) in heutigen Zeiten einfach nicht mehr aus. Diese Problem werde ich erst im Januar beheben können. Gruß DanteHasta |
|
24.12.2014, 18:14
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Dann entfernen wir mal was noch da is: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 64 Zahnrad taucht öfter in Taskleiste auf |
|
24.12.2014, 23:10
| #7 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo schrauber, das ging ja richtig Fix in dem Fall. Hatte die ADWCleaner.exe nur vom Download Verzeichnis auf den Desktop verschoben und dann wurde sie bereitsvon 360 Internet Secrurity aus dem Verkehr gezogen. Schätze was jetzt davon in Quarantäne davon übrig ist, brauche ich nicht wieder versuchen heraus zu holen. Denn die Sachen sind meist dann unbrauchbar. Also das ganze noch mal ohne Virenschutz probieren. Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 24/12/2014 um 22:40:34
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : mathiaswolfgang - DANTE_HASTA_PC
# Gestartet von : C:\Users\mathiaswolfgang\Desktop\AdwCleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Datei Gelöscht : C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : fsupdate
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Verknüpfung Desinfiziert : C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1412287794&from=amt&uid=HitachiXHDT725040VLA360_VFK301R3DTT7VKDTT7VKX&q={searchTerms}
[C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1412287794&from=amt&uid=HitachiXHDT725040VLA360_VFK301R3DTT7VKDTT7VKX&q={searchTerms}
-\\ Opera v26.0.1656.60
[C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1412287794&from=amt&uid=HitachiXHDT725040VLA360_VFK301R3DTT7VKDTT7VKX&q={searchTerms}
[C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1412287794&from=amt&uid=HitachiXHDT725040VLA360_VFK301R3DTT7VKDTT7VKX&q={searchTerms}
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\preferences] - Gelöscht [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
*************************
AdwCleaner[R0].txt - [3933 octets] - [24/12/2014 22:32:07]
AdwCleaner[S0].txt - [4766 octets] - [24/12/2014 22:40:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4826 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by mathiaswolfgang on 24.12.2014 at 22:56:38,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.12.2014 at 23:02:59,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 24-12-2014 23:06:32
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Digital Dynamic) C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2072576 2008-07-04] (Vodafone)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: D - D:\cbs.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d6118ff-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611902-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611962-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611965-6d56-11e4-89d7-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {5d3367e2-d2c9-11e3-8b1b-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6aa04554-e2f5-11e3-bf51-001e101fb681} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a42-3c02-11e4-b851-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a82-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a88-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {b2aed7e2-072a-11e4-9f5e-001e101f36d9} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {ef4ae850-f0b7-11e3-8d17-806e6f6e6963} - D:\run.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f119d995-83b4-11e4-b98e-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f8bb63f8-d2c5-11e3-b105-806e6f6e6963} - D:\AutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3460778114-2026053698-264934852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Google Mail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 backupsvc5; C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe [1473024 2014-06-10] (Digital Dynamic) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-24 23:02 - 2014-12-24 23:02 - 00000635 _____ () C:\Users\mathiaswolfgang\Desktop\JRT.txt
2014-12-24 22:56 - 2014-12-24 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-12-24 22:48 - 2014-12-24 22:55 - 01707646 _____ (Thisisu) C:\Users\mathiaswolfgang\Desktop\JRT.exe
2014-12-24 22:31 - 2014-12-24 22:40 - 00000000 ____D () C:\AdwCleaner
2014-12-24 22:07 - 2014-12-24 22:19 - 02173952 _____ () C:\Users\mathiaswolfgang\Desktop\AdwCleaner_4.106.exe
2014-12-23 13:56 - 2014-12-23 14:49 - 10108928 _____ () C:\Users\mathiaswolfgang\Documents\Default.mddbs
2014-12-22 16:50 - 2014-12-22 16:51 - 00031394 _____ () C:\Users\mathiaswolfgang\Desktop\Addition.txt
2014-12-22 16:48 - 2014-12-24 23:06 - 00016200 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2014-12-22 16:48 - 2014-12-24 23:06 - 00000000 ____D () C:\FRST
2014-12-22 16:35 - 2014-12-22 16:47 - 02122240 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\NVIDIA
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 15:03 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-22 15:03 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-22 15:03 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-22 15:03 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-22 15:03 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-22 15:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 15:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 15:03 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 15:03 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 14:38 - 2014-12-22 14:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 14:38 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-22 14:23 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-22 14:23 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-22 14:23 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-12-22 14:23 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-22 14:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-22 14:07 - 2014-12-22 14:07 - 00079288 _____ () C:\Users\mathiaswolfgang\Desktop\OTL.Txt
2014-12-22 14:05 - 2014-12-22 14:05 - 00001310 _____ () C:\Users\mathiaswolfgang\Desktop\Hilfe.txt
2014-12-22 14:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 14:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 14:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 14:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-22 13:56 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-22 13:55 - 2014-07-02 11:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-22 13:37 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-22 13:37 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-22 13:33 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-22 13:33 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-22 13:33 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-22 13:33 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-22 13:33 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-22 12:03 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 12:03 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 12:03 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 12:03 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 12:03 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 12:03 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 12:03 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 12:03 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 12:03 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 12:03 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 12:03 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 12:03 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 12:03 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 12:03 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 12:03 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 12:03 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 12:03 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 12:03 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 12:03 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 12:03 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 12:03 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 12:03 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 11:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 11:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 10:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-22 10:59 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-22 10:57 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-22 10:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 10:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 10:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 10:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 10:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 10:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 10:56 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-22 10:56 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 10:55 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 10:55 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 10:55 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 10:55 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 10:54 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 10:54 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 10:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 10:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 10:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 10:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 10:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 10:54 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-22 10:54 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-22 10:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 10:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 10:52 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 10:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 10:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 10:52 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 10:52 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 10:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 10:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 10:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 10:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 10:52 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-22 10:52 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-22 10:52 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-22 10:52 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-22 10:52 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-22 10:52 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-22 10:51 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 10:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 10:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 10:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 10:47 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-22 10:47 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-22 10:47 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-22 10:47 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-22 10:46 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 10:46 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 10:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 10:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 10:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 10:41 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-22 10:41 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-22 00:10 - 2014-12-22 00:11 - 10607192 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1412.00-win32.zip
2014-12-21 20:59 - 2014-12-21 20:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Alice
2014-12-21 20:58 - 2014-12-21 20:58 - 00544860 _____ () C:\Users\mathiaswolfgang\Downloads\winalice.zip
2014-12-21 20:41 - 2014-12-21 20:41 - 00198694 _____ () C:\Users\mathiaswolfgang\Downloads\cbsetup.exe
2014-12-21 20:32 - 2014-12-21 20:32 - 02709185 _____ () C:\Users\mathiaswolfgang\Downloads\dany11122000.zip
2014-12-21 20:18 - 2014-12-21 20:18 - 00002984 _____ () C:\Windows\System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67}
2014-12-21 20:18 - 2014-12-21 20:18 - 00000064 _____ () C:\Windows\SysWOW64\jeliza.log
2014-12-21 20:14 - 2014-12-21 20:15 - 07101452 _____ (Tobias Schulz ) C:\Users\mathiaswolfgang\Downloads\jeliza-setup-2.2.2.exe
2014-12-21 12:16 - 2014-12-21 15:32 - 00000000 ____D () C:\Users\Public\Documents\Meine Pascal Programme
2014-12-21 11:26 - 2014-12-21 11:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lhelp
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\OnlineUpdate
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\log
2014-12-21 07:12 - 2014-12-21 10:46 - 00000000 ____D () C:\lazarus
2014-12-21 07:10 - 2014-12-21 12:20 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lazarus
2014-12-21 07:06 - 2014-12-21 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2014-12-21 06:55 - 2014-12-21 06:59 - 113534648 _____ (Lazarus Team ) C:\Users\mathiaswolfgang\Downloads\lazarus-1.2.6-fpc-2.6.4-win64.exe
2014-12-20 18:09 - 2014-12-20 18:11 - 16359964 _____ () C:\Users\mathiaswolfgang\Downloads\Vox_v0.34_DEMO.rar
2014-12-20 14:42 - 2014-12-20 14:42 - 239921322 _____ () C:\Windows\MEMORY.DMP
2014-12-20 14:42 - 2014-12-20 14:42 - 00290728 _____ () C:\Windows\Minidump\122014-21453-01.dmp
2014-12-20 01:06 - 2014-12-20 01:17 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Roblox
2014-12-20 01:02 - 2014-12-20 01:02 - 00639856 _____ (ROBLOX Corporation) C:\Users\mathiaswolfgang\Downloads\RobloxPlayerLauncher.exe
2014-12-19 12:29 - 2014-12-24 22:42 - 00000896 _____ () C:\Windows\setupact.log
2014-12-19 12:29 - 2014-12-19 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 11:09 - 2014-12-19 12:16 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Savegame
2014-12-17 15:23 - 2014-12-17 15:23 - 02350021 _____ () C:\Users\mathiaswolfgang\Downloads\mcpatcher-4.3.2_03.exe
2014-12-15 21:49 - 2014-12-15 21:48 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-15 21:45 - 2014-12-15 21:47 - 31036328 _____ (Oracle Corporation) C:\Users\mathiaswolfgang\Downloads\jre-7u72-windows-x64.exe
2014-12-15 20:28 - 2014-12-15 20:29 - 07327993 _____ () C:\Users\mathiaswolfgang\Downloads\Millenaire5.2.zip
2014-12-15 20:20 - 2014-12-15 20:20 - 02965069 _____ () C:\Users\mathiaswolfgang\Downloads\forge-1.7.2-10.12.2.1147-installer-win.exe
2014-12-15 20:12 - 2014-12-15 20:12 - 02136983 _____ () C:\Users\mathiaswolfgang\Downloads\MillenaireInstallerWindows1.3.zip
2014-12-15 13:41 - 2014-12-15 13:41 - 00152007 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Formel+Objekte.rar
2014-12-15 13:30 - 2014-12-15 13:30 - 00014457 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Routine.zip
2014-12-14 16:23 - 2014-12-22 12:26 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Neinmal Klug
2014-12-14 16:22 - 2014-12-14 16:22 - 00238715 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug.zip
2014-12-14 16:20 - 2014-12-14 16:20 - 00870079 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug-SETUP.zip
2014-12-14 16:04 - 2014-12-14 16:04 - 00003086 _____ () C:\Windows\System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746}
2014-12-12 18:13 - 2014-12-12 18:14 - 05415903 _____ () C:\Users\mathiaswolfgang\Downloads\JehkobasFantasy_4.zip
2014-12-12 17:22 - 2014-12-12 20:42 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Processing
2014-12-12 17:22 - 2014-12-12 17:22 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Processing
2014-12-12 17:17 - 2014-12-22 20:23 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\processing-2.2.1
2014-12-12 17:07 - 2014-12-12 17:14 - 116409778 _____ () C:\Users\mathiaswolfgang\Downloads\processing-2.2.1-windows64.zip
2014-12-12 16:08 - 2014-12-12 16:08 - 01555478 _____ () C:\Users\mathiaswolfgang\Downloads\NoocraftSource.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 02636463 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_EN_0.2.6.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 00455033 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_Server_EN_0.2.6.zip
2014-12-12 14:32 - 2014-12-12 14:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Zauberkraft
2014-12-12 14:31 - 2014-12-12 14:31 - 01006702 _____ () C:\Users\mathiaswolfgang\Downloads\ZauberCraft.zip
2014-12-12 14:13 - 2014-12-12 14:13 - 01572449 _____ () C:\Users\mathiaswolfgang\Downloads\Portfolio ICT6 tijdsroosters.zip
2014-12-10 19:55 - 2014-12-22 13:57 - 00000000 ____D () C:\Temp
2014-12-10 19:54 - 2014-12-10 19:57 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
2014-12-10 19:54 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 19:50 - 2014-12-10 19:51 - 07543096 _____ () C:\Users\mathiaswolfgang\Downloads\SetupDJ312RN.exe
2014-12-10 16:40 - 2014-12-10 16:40 - 00736405 _____ () C:\Users\mathiaswolfgang\Downloads\4394.tmp
2014-12-07 11:57 - 2014-12-07 11:58 - 10567318 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1411.03-win32.zip
2014-12-07 01:29 - 2014-12-07 01:30 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\gnomescroll21
2014-12-06 19:44 - 2014-12-24 14:40 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64
2014-12-06 19:42 - 2014-12-06 19:44 - 19461558 _____ () C:\Users\mathiaswolfgang\Downloads\minetest-0.4.10-win64-mingw.zip
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Eternal Lands
2014-12-06 14:02 - 2014-12-06 14:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Blockland
2014-12-05 19:48 - 2014-12-05 19:48 - 00003218 _____ () C:\Windows\System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6}
2014-12-05 19:17 - 2014-12-05 19:20 - 34469764 _____ () C:\Users\mathiaswolfgang\Downloads\Mythruna-20120627-Windows.zip
2014-12-05 18:54 - 2014-12-05 18:56 - 15529819 _____ () C:\Users\mathiaswolfgang\Downloads\gnomescroll21.zip
2014-12-05 18:06 - 2014-12-05 18:07 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
2014-12-05 18:05 - 2014-12-05 18:06 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher
2014-12-05 18:04 - 2014-12-05 18:05 - 02650488 _____ () C:\Users\mathiaswolfgang\Downloads\TerasologyLauncher.zip
2014-12-04 19:24 - 2014-12-04 19:45 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary
2014-12-04 19:23 - 2014-12-04 19:23 - 03835252 _____ () C:\Users\mathiaswolfgang\Downloads\ManicDigger2014-08-05Binary.zip
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ
2014-12-04 17:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-04 17:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-04 11:01 - 2014-12-04 11:04 - 42776464 _____ () C:\Users\mathiaswolfgang\Downloads\Terasology.zip
2014-12-01 11:15 - 2014-12-01 11:16 - 00602112 _____ (OldTimer Tools) C:\Users\mathiaswolfgang\Desktop\OTL.exe
2014-12-01 11:11 - 2014-12-23 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 11:10 - 2014-12-18 13:45 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-01 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 11:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 01:00 - 2014-11-27 01:00 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\java
2014-11-27 00:58 - 2014-12-15 21:48 - 00000000 ____D () C:\Program Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-24 22:49 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 22:49 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 22:46 - 2014-05-03 14:26 - 01591712 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 22:42 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-24 22:42 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 22:42 - 2010-11-21 04:47 - 00573832 _____ () C:\Windows\PFRO.log
2014-12-24 22:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 22:41 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 22:00 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2014-12-24 21:52 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2014-12-24 15:53 - 2014-11-04 11:58 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\BB 3D
2014-12-24 12:12 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2014-12-24 00:37 - 2014-10-03 13:33 - 00000000 __SHD () C:\360Rec
2014-12-23 13:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-23 10:52 - 2014-09-12 03:15 - 00000000 ____D () C:\Program Files (x86)\Skullbyte
2014-12-23 10:51 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 09:06 - 2014-09-30 18:50 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft
2014-12-23 07:41 - 2014-09-17 14:07 - 00000000 ____D () C:\Seven Kingdoms AA
2014-12-22 16:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 15:32 - 2009-07-14 05:45 - 00296120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 15:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 15:28 - 2014-05-06 10:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 15:28 - 2011-04-12 08:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 14:15 - 2014-05-04 10:06 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-22 14:15 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 14:15 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 14:15 - 2009-07-14 06:13 - 01591896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 13:57 - 2014-05-29 13:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 20:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-20 14:42 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 14:38 - 2014-07-05 18:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Skype
2014-12-18 15:33 - 2014-11-01 12:32 - 00000000 ____D () C:\Program Files (x86)\INNRevival
2014-12-18 13:49 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 15:51 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2014-12-17 15:51 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 18:18 - 2014-07-05 18:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-14 18:18 - 2014-07-05 18:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 14:15 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2014-12-09 15:55 - 2014-10-27 18:00 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Minecraft Karten Betrachter
2014-12-08 15:55 - 2014-08-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Sting
2014-12-06 14:03 - 2014-09-23 21:56 - 00000000 ____D () C:\ae
2014-12-06 14:03 - 2014-09-15 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO1602
2014-12-05 19:25 - 2014-05-03 14:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\VirtualStore
2014-12-05 18:07 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2014-12-04 20:55 - 2014-05-12 19:49 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Facebook
2014-12-04 19:12 - 2014-05-03 14:54 - 00064808 _____ () C:\Users\mathiaswolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 18:48 - 2014-09-18 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2014-12-04 18:48 - 2014-09-18 07:50 - 00000000 ____D () C:\Westwood
2014-12-04 18:48 - 2014-09-11 00:13 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-12-04 18:44 - 2014-09-03 07:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-04 18:43 - 2014-05-03 14:54 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Deployment
2014-11-27 00:58 - 2014-09-30 18:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\mathiaswolfgang\AppData\Local\Temp\project1.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\Quarantine.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:54
==================== End Of Log ============================
--- --- --- Geändert von DanteHasta (24.12.2014 um 23:04 Uhr) |
|
24.12.2014, 23:14
| #8 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 24-12-2014 23:06:32
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Digital Dynamic) C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2072576 2008-07-04] (Vodafone)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: D - D:\cbs.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d6118ff-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611902-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611962-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611965-6d56-11e4-89d7-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {5d3367e2-d2c9-11e3-8b1b-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6aa04554-e2f5-11e3-bf51-001e101fb681} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a42-3c02-11e4-b851-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a82-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a88-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {b2aed7e2-072a-11e4-9f5e-001e101f36d9} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {ef4ae850-f0b7-11e3-8d17-806e6f6e6963} - D:\run.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f119d995-83b4-11e4-b98e-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f8bb63f8-d2c5-11e3-b105-806e6f6e6963} - D:\AutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3460778114-2026053698-264934852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Google Mail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 backupsvc5; C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe [1473024 2014-06-10] (Digital Dynamic) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-24 23:02 - 2014-12-24 23:02 - 00000635 _____ () C:\Users\mathiaswolfgang\Desktop\JRT.txt
2014-12-24 22:56 - 2014-12-24 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-12-24 22:48 - 2014-12-24 22:55 - 01707646 _____ (Thisisu) C:\Users\mathiaswolfgang\Desktop\JRT.exe
2014-12-24 22:31 - 2014-12-24 22:40 - 00000000 ____D () C:\AdwCleaner
2014-12-24 22:07 - 2014-12-24 22:19 - 02173952 _____ () C:\Users\mathiaswolfgang\Desktop\AdwCleaner_4.106.exe
2014-12-23 13:56 - 2014-12-23 14:49 - 10108928 _____ () C:\Users\mathiaswolfgang\Documents\Default.mddbs
2014-12-22 16:50 - 2014-12-22 16:51 - 00031394 _____ () C:\Users\mathiaswolfgang\Desktop\Addition.txt
2014-12-22 16:48 - 2014-12-24 23:06 - 00016200 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2014-12-22 16:48 - 2014-12-24 23:06 - 00000000 ____D () C:\FRST
2014-12-22 16:35 - 2014-12-22 16:47 - 02122240 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\NVIDIA
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 15:03 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-22 15:03 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-22 15:03 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-22 15:03 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-22 15:03 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-22 15:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 15:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 15:03 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 15:03 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 14:38 - 2014-12-22 14:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 14:38 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-22 14:23 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-22 14:23 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-22 14:23 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-12-22 14:23 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-22 14:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-22 14:07 - 2014-12-22 14:07 - 00079288 _____ () C:\Users\mathiaswolfgang\Desktop\OTL.Txt
2014-12-22 14:05 - 2014-12-22 14:05 - 00001310 _____ () C:\Users\mathiaswolfgang\Desktop\Hilfe.txt
2014-12-22 14:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 14:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 14:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 14:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-22 13:56 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-22 13:55 - 2014-07-02 11:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-22 13:37 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-22 13:37 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-22 13:33 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-22 13:33 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-22 13:33 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-22 13:33 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-22 13:33 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-22 12:03 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 12:03 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 12:03 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 12:03 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 12:03 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 12:03 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 12:03 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 12:03 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 12:03 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 12:03 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 12:03 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 12:03 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 12:03 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 12:03 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 12:03 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 12:03 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 12:03 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 12:03 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 12:03 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 12:03 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 12:03 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 12:03 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 11:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 11:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 10:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-22 10:59 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-22 10:57 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-22 10:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 10:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 10:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 10:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 10:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 10:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 10:56 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-22 10:56 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 10:55 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 10:55 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 10:55 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 10:55 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 10:54 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 10:54 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 10:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 10:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 10:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 10:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 10:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 10:54 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-22 10:54 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-22 10:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 10:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 10:52 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 10:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 10:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 10:52 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 10:52 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 10:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 10:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 10:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 10:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 10:52 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-22 10:52 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-22 10:52 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-22 10:52 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-22 10:52 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-22 10:52 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-22 10:51 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 10:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 10:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 10:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 10:47 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-22 10:47 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-22 10:47 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-22 10:47 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-22 10:46 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 10:46 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 10:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 10:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 10:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 10:41 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-22 10:41 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-22 00:10 - 2014-12-22 00:11 - 10607192 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1412.00-win32.zip
2014-12-21 20:59 - 2014-12-21 20:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Alice
2014-12-21 20:58 - 2014-12-21 20:58 - 00544860 _____ () C:\Users\mathiaswolfgang\Downloads\winalice.zip
2014-12-21 20:41 - 2014-12-21 20:41 - 00198694 _____ () C:\Users\mathiaswolfgang\Downloads\cbsetup.exe
2014-12-21 20:32 - 2014-12-21 20:32 - 02709185 _____ () C:\Users\mathiaswolfgang\Downloads\dany11122000.zip
2014-12-21 20:18 - 2014-12-21 20:18 - 00002984 _____ () C:\Windows\System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67}
2014-12-21 20:18 - 2014-12-21 20:18 - 00000064 _____ () C:\Windows\SysWOW64\jeliza.log
2014-12-21 20:14 - 2014-12-21 20:15 - 07101452 _____ (Tobias Schulz ) C:\Users\mathiaswolfgang\Downloads\jeliza-setup-2.2.2.exe
2014-12-21 12:16 - 2014-12-21 15:32 - 00000000 ____D () C:\Users\Public\Documents\Meine Pascal Programme
2014-12-21 11:26 - 2014-12-21 11:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lhelp
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\OnlineUpdate
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\log
2014-12-21 07:12 - 2014-12-21 10:46 - 00000000 ____D () C:\lazarus
2014-12-21 07:10 - 2014-12-21 12:20 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lazarus
2014-12-21 07:06 - 2014-12-21 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2014-12-21 06:55 - 2014-12-21 06:59 - 113534648 _____ (Lazarus Team ) C:\Users\mathiaswolfgang\Downloads\lazarus-1.2.6-fpc-2.6.4-win64.exe
2014-12-20 18:09 - 2014-12-20 18:11 - 16359964 _____ () C:\Users\mathiaswolfgang\Downloads\Vox_v0.34_DEMO.rar
2014-12-20 14:42 - 2014-12-20 14:42 - 239921322 _____ () C:\Windows\MEMORY.DMP
2014-12-20 14:42 - 2014-12-20 14:42 - 00290728 _____ () C:\Windows\Minidump\122014-21453-01.dmp
2014-12-20 01:06 - 2014-12-20 01:17 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Roblox
2014-12-20 01:02 - 2014-12-20 01:02 - 00639856 _____ (ROBLOX Corporation) C:\Users\mathiaswolfgang\Downloads\RobloxPlayerLauncher.exe
2014-12-19 12:29 - 2014-12-24 22:42 - 00000896 _____ () C:\Windows\setupact.log
2014-12-19 12:29 - 2014-12-19 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 11:09 - 2014-12-19 12:16 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Savegame
2014-12-17 15:23 - 2014-12-17 15:23 - 02350021 _____ () C:\Users\mathiaswolfgang\Downloads\mcpatcher-4.3.2_03.exe
2014-12-15 21:49 - 2014-12-15 21:48 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-15 21:45 - 2014-12-15 21:47 - 31036328 _____ (Oracle Corporation) C:\Users\mathiaswolfgang\Downloads\jre-7u72-windows-x64.exe
2014-12-15 20:28 - 2014-12-15 20:29 - 07327993 _____ () C:\Users\mathiaswolfgang\Downloads\Millenaire5.2.zip
2014-12-15 20:20 - 2014-12-15 20:20 - 02965069 _____ () C:\Users\mathiaswolfgang\Downloads\forge-1.7.2-10.12.2.1147-installer-win.exe
2014-12-15 20:12 - 2014-12-15 20:12 - 02136983 _____ () C:\Users\mathiaswolfgang\Downloads\MillenaireInstallerWindows1.3.zip
2014-12-15 13:41 - 2014-12-15 13:41 - 00152007 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Formel+Objekte.rar
2014-12-15 13:30 - 2014-12-15 13:30 - 00014457 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Routine.zip
2014-12-14 16:23 - 2014-12-22 12:26 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Neinmal Klug
2014-12-14 16:22 - 2014-12-14 16:22 - 00238715 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug.zip
2014-12-14 16:20 - 2014-12-14 16:20 - 00870079 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug-SETUP.zip
2014-12-14 16:04 - 2014-12-14 16:04 - 00003086 _____ () C:\Windows\System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746}
2014-12-12 18:13 - 2014-12-12 18:14 - 05415903 _____ () C:\Users\mathiaswolfgang\Downloads\JehkobasFantasy_4.zip
2014-12-12 17:22 - 2014-12-12 20:42 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Processing
2014-12-12 17:22 - 2014-12-12 17:22 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Processing
2014-12-12 17:17 - 2014-12-22 20:23 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\processing-2.2.1
2014-12-12 17:07 - 2014-12-12 17:14 - 116409778 _____ () C:\Users\mathiaswolfgang\Downloads\processing-2.2.1-windows64.zip
2014-12-12 16:08 - 2014-12-12 16:08 - 01555478 _____ () C:\Users\mathiaswolfgang\Downloads\NoocraftSource.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 02636463 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_EN_0.2.6.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 00455033 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_Server_EN_0.2.6.zip
2014-12-12 14:32 - 2014-12-12 14:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Zauberkraft
2014-12-12 14:31 - 2014-12-12 14:31 - 01006702 _____ () C:\Users\mathiaswolfgang\Downloads\ZauberCraft.zip
2014-12-12 14:13 - 2014-12-12 14:13 - 01572449 _____ () C:\Users\mathiaswolfgang\Downloads\Portfolio ICT6 tijdsroosters.zip
2014-12-10 19:55 - 2014-12-22 13:57 - 00000000 ____D () C:\Temp
2014-12-10 19:54 - 2014-12-10 19:57 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
2014-12-10 19:54 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 19:50 - 2014-12-10 19:51 - 07543096 _____ () C:\Users\mathiaswolfgang\Downloads\SetupDJ312RN.exe
2014-12-10 16:40 - 2014-12-10 16:40 - 00736405 _____ () C:\Users\mathiaswolfgang\Downloads\4394.tmp
2014-12-07 11:57 - 2014-12-07 11:58 - 10567318 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1411.03-win32.zip
2014-12-07 01:29 - 2014-12-07 01:30 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\gnomescroll21
2014-12-06 19:44 - 2014-12-24 14:40 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64
2014-12-06 19:42 - 2014-12-06 19:44 - 19461558 _____ () C:\Users\mathiaswolfgang\Downloads\minetest-0.4.10-win64-mingw.zip
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Eternal Lands
2014-12-06 14:02 - 2014-12-06 14:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Blockland
2014-12-05 19:48 - 2014-12-05 19:48 - 00003218 _____ () C:\Windows\System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6}
2014-12-05 19:17 - 2014-12-05 19:20 - 34469764 _____ () C:\Users\mathiaswolfgang\Downloads\Mythruna-20120627-Windows.zip
2014-12-05 18:54 - 2014-12-05 18:56 - 15529819 _____ () C:\Users\mathiaswolfgang\Downloads\gnomescroll21.zip
2014-12-05 18:06 - 2014-12-05 18:07 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
2014-12-05 18:05 - 2014-12-05 18:06 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher
2014-12-05 18:04 - 2014-12-05 18:05 - 02650488 _____ () C:\Users\mathiaswolfgang\Downloads\TerasologyLauncher.zip
2014-12-04 19:24 - 2014-12-04 19:45 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary
2014-12-04 19:23 - 2014-12-04 19:23 - 03835252 _____ () C:\Users\mathiaswolfgang\Downloads\ManicDigger2014-08-05Binary.zip
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ
2014-12-04 17:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-04 17:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-04 11:01 - 2014-12-04 11:04 - 42776464 _____ () C:\Users\mathiaswolfgang\Downloads\Terasology.zip
2014-12-01 11:15 - 2014-12-01 11:16 - 00602112 _____ (OldTimer Tools) C:\Users\mathiaswolfgang\Desktop\OTL.exe
2014-12-01 11:11 - 2014-12-23 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 11:10 - 2014-12-18 13:45 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-01 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 11:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 01:00 - 2014-11-27 01:00 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\java
2014-11-27 00:58 - 2014-12-15 21:48 - 00000000 ____D () C:\Program Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-24 22:49 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 22:49 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 22:46 - 2014-05-03 14:26 - 01591712 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 22:42 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-24 22:42 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 22:42 - 2010-11-21 04:47 - 00573832 _____ () C:\Windows\PFRO.log
2014-12-24 22:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 22:41 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 22:00 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2014-12-24 21:52 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2014-12-24 15:53 - 2014-11-04 11:58 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\BB 3D
2014-12-24 12:12 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2014-12-24 00:37 - 2014-10-03 13:33 - 00000000 __SHD () C:\360Rec
2014-12-23 13:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-23 10:52 - 2014-09-12 03:15 - 00000000 ____D () C:\Program Files (x86)\Skullbyte
2014-12-23 10:51 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 09:06 - 2014-09-30 18:50 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft
2014-12-23 07:41 - 2014-09-17 14:07 - 00000000 ____D () C:\Seven Kingdoms AA
2014-12-22 16:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 15:32 - 2009-07-14 05:45 - 00296120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 15:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 15:28 - 2014-05-06 10:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 15:28 - 2011-04-12 08:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 14:15 - 2014-05-04 10:06 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-22 14:15 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 14:15 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 14:15 - 2009-07-14 06:13 - 01591896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 13:57 - 2014-05-29 13:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 20:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-20 14:42 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 14:38 - 2014-07-05 18:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Skype
2014-12-18 15:33 - 2014-11-01 12:32 - 00000000 ____D () C:\Program Files (x86)\INNRevival
2014-12-18 13:49 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 15:51 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2014-12-17 15:51 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 18:18 - 2014-07-05 18:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-14 18:18 - 2014-07-05 18:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 14:15 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2014-12-09 15:55 - 2014-10-27 18:00 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Minecraft Karten Betrachter
2014-12-08 15:55 - 2014-08-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Sting
2014-12-06 14:03 - 2014-09-23 21:56 - 00000000 ____D () C:\ae
2014-12-06 14:03 - 2014-09-15 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO1602
2014-12-05 19:25 - 2014-05-03 14:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\VirtualStore
2014-12-05 18:07 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2014-12-04 20:55 - 2014-05-12 19:49 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Facebook
2014-12-04 19:12 - 2014-05-03 14:54 - 00064808 _____ () C:\Users\mathiaswolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 18:48 - 2014-09-18 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2014-12-04 18:48 - 2014-09-18 07:50 - 00000000 ____D () C:\Westwood
2014-12-04 18:48 - 2014-09-11 00:13 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-12-04 18:44 - 2014-09-03 07:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-04 18:43 - 2014-05-03 14:54 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Deployment
2014-11-27 00:58 - 2014-09-30 18:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\mathiaswolfgang\AppData\Local\Temp\project1.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\Quarantine.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:54
==================== End Of Log ============================
--- --- --- --- --- --- Mit freundlichen Grüßen, Dante Hasta Mit freundlichen Grüßen, Dante Hasta |
|
25.12.2014, 19:33
| #9 |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste aufESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.12.2014, 12:24
| #10 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo schrauber, es hat einfach mit meinem Kindergarteninternet keinen Sinn, irgendwie zu versuchen etwas runter zu laden. Esa hat sich versucht, über 1,5 Stunde lang zu aktualisieren und hat dann mit einem Fehlercode abgebrochen. Modegeschwindigkeit reicht einfach in heutiger Zeit nicht mehr aus. Ich hoffe am 27. 12 wieder entsperrt zu werden. Das ich dann wieder das "normale" Kindergarteninternet von Tchibo nutzen darf. Ich bin gerade wieder richtig sauer. In so fern schlage ich vor, unterbrechen wir das ganze, bis mein Internet wieder entsperrt ist. Probleme scheint es momentan mit meinem Rechner nicht mehr zu geben. Darüber bin ich schon recht erleichtert. Werde aber natürlich auch die letzten Tests noch mitnehmen, um ganz sicher zu gehen. Vielen Danke dann erst mal soweit von mir, für Deine wirklich tolle Hilfe. Liebe Grüße, Dante Hasta |
|
26.12.2014, 22:08
| #11 | |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste aufZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.12.2014, 09:51
| #12 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Hallo schrauber, ich bitte noch mal um Entschuldigung für die Verzögerung. Hier sind dann die von Dir erbetenen Logfiles: Code:
ATTFilter all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=89b69562a9740749bc2e4c0ebc0aba46
# engine=21716
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-27 07:17:00
# local_time=2014-12-27 08:17:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 7995 171294470 0 0
# compatibility_mode_1='360 Internet Security'
# compatibility_mode=16386 16777213 100 100 7224 58390027 0 0
# scanned=211229
# found=0
# cleaned=0
# scan_time=3466
Code:
ATTFilter Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
360 Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 27-12-2014 08:29:37
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Digital Dynamic) C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2072576 2008-07-04] (Vodafone)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: D - D:\cbs.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d6118ff-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611902-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611962-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611965-6d56-11e4-89d7-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {5d3367e2-d2c9-11e3-8b1b-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6aa04554-e2f5-11e3-bf51-001e101fb681} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a42-3c02-11e4-b851-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a82-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a88-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {b2aed7e2-072a-11e4-9f5e-001e101f36d9} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {ef4ae850-f0b7-11e3-8d17-806e6f6e6963} - D:\run.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f119d995-83b4-11e4-b98e-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f8bb63f8-d2c5-11e3-b105-806e6f6e6963} - D:\AutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3460778114-2026053698-264934852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Google Mail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 backupsvc5; C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe [1473024 2014-06-10] (Digital Dynamic) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-27 08:29 - 2014-12-27 08:29 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\FRST-OlderVersion
2014-12-27 08:22 - 2014-12-27 08:22 - 00852505 _____ () C:\Users\mathiaswolfgang\Desktop\SecurityCheck.exe
2014-12-27 08:18 - 2014-12-27 08:18 - 00000000 __SHD () C:\Users\mathiaswolfgang\AppData\Local\EmieBrowserModeList
2014-12-27 07:02 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-27 07:02 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-27 07:02 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-27 07:02 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-26 11:35 - 2014-12-26 11:35 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Neuer Ordner
2014-12-26 11:19 - 2014-12-26 11:33 - 00495597 _____ () C:\Users\mathiaswolfgang\Downloads\Penthouse Hot Numbers (1992)(Magic Bytes).zip
2014-12-26 09:41 - 2014-12-26 09:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-26 09:10 - 2014-12-26 09:33 - 02347384 _____ (ESET) C:\Users\mathiaswolfgang\Downloads\esetsmartinstaller_deu.exe
2014-12-26 01:22 - 2014-12-26 01:26 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Escape
2014-12-26 01:22 - 2014-12-26 01:25 - 01166319 _____ () C:\Users\mathiaswolfgang\Downloads\escape.zip
2014-12-26 00:17 - 2014-12-26 00:18 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Eisplanet
2014-12-25 23:50 - 2014-12-26 00:02 - 03401276 _____ () C:\Users\mathiaswolfgang\Downloads\eisplanet.zip
2014-12-25 20:21 - 2014-12-25 20:21 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\crosso
2014-12-25 20:18 - 2014-12-25 20:20 - 00667174 _____ () C:\Users\mathiaswolfgang\Downloads\crosso.zip
2014-12-25 20:10 - 2014-12-25 20:10 - 00003004 _____ () C:\Windows\System32\Tasks\{57D4D9F1-00C5-4DCA-80ED-C98358789A0C}
2014-12-25 20:09 - 2014-12-25 20:09 - 00003004 _____ () C:\Windows\System32\Tasks\{7BD56DB0-213F-4D63-A263-922A87837671}
2014-12-25 20:09 - 2014-12-25 20:09 - 00003004 _____ () C:\Windows\System32\Tasks\{42B8E2D9-5649-4EE7-945C-4D2905790FD5}
2014-12-25 20:06 - 2014-12-25 20:07 - 00305505 _____ () C:\Users\mathiaswolfgang\Downloads\blue40.zip
2014-12-25 20:03 - 2014-12-25 20:03 - 00035800 _____ () C:\Users\mathiaswolfgang\Downloads\maxit101.zip
2014-12-25 00:51 - 2014-12-25 00:51 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Blue Angel
2014-12-25 00:47 - 2014-12-25 00:49 - 00610728 _____ () C:\Users\mathiaswolfgang\Downloads\blue-angel-69.zip
2014-12-24 23:02 - 2014-12-24 23:02 - 00000635 _____ () C:\Users\mathiaswolfgang\Desktop\JRT.txt
2014-12-24 22:56 - 2014-12-24 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-12-24 22:48 - 2014-12-24 22:55 - 01707646 _____ (Thisisu) C:\Users\mathiaswolfgang\Desktop\JRT.exe
2014-12-24 22:31 - 2014-12-24 22:40 - 00000000 ____D () C:\AdwCleaner
2014-12-24 22:07 - 2014-12-24 22:19 - 02173952 _____ () C:\Users\mathiaswolfgang\Desktop\AdwCleaner_4.106.exe
2014-12-23 13:56 - 2014-12-23 14:49 - 10108928 _____ () C:\Users\mathiaswolfgang\Documents\Default.mddbs
2014-12-22 16:50 - 2014-12-22 16:51 - 00031394 _____ () C:\Users\mathiaswolfgang\Desktop\Addition.txt
2014-12-22 16:48 - 2014-12-27 08:29 - 00016440 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2014-12-22 16:48 - 2014-12-27 08:29 - 00000000 ____D () C:\FRST
2014-12-22 16:35 - 2014-12-27 08:29 - 02122752 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\NVIDIA
2014-12-22 15:33 - 2014-12-22 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 15:03 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-22 15:03 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-22 15:03 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-22 15:03 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-22 15:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-22 15:03 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-22 15:03 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-22 15:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-22 15:03 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 15:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-22 15:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 14:38 - 2014-12-22 14:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 14:38 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-22 14:23 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-22 14:23 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-22 14:23 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-12-22 14:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-22 14:23 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-22 14:07 - 2014-12-22 14:07 - 00079288 _____ () C:\Users\mathiaswolfgang\Desktop\OTL.Txt
2014-12-22 14:05 - 2014-12-22 14:05 - 00001310 _____ () C:\Users\mathiaswolfgang\Desktop\Hilfe.txt
2014-12-22 14:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 14:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 14:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 14:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 14:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 14:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 14:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-22 13:56 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-22 13:55 - 2014-07-02 11:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-22 13:37 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-22 13:37 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-22 13:33 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-22 13:33 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-22 13:33 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-22 13:33 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-22 13:33 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-22 13:33 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-22 12:03 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 12:03 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 12:03 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 12:03 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 12:03 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 12:03 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 12:03 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 12:03 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 12:03 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 12:03 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 12:03 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 12:03 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 12:03 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 12:03 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 12:03 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 12:03 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 12:03 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 12:03 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 12:03 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 12:03 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 12:03 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 12:03 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 12:03 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 12:03 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 12:03 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 12:03 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 12:03 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 12:03 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 12:03 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 12:03 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 12:03 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 12:03 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 12:03 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 12:03 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 12:03 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 12:03 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 12:03 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 11:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 11:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 11:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 10:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 10:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 10:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 10:59 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-22 10:59 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-22 10:57 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-22 10:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 10:57 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 10:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 10:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 10:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 10:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 10:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 10:56 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-22 10:56 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 10:55 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 10:55 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 10:55 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 10:55 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 10:55 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 10:54 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 10:54 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 10:54 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 10:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 10:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 10:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 10:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 10:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 10:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 10:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 10:54 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-22 10:54 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-22 10:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 10:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 10:52 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 10:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 10:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 10:52 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 10:52 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 10:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 10:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 10:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 10:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 10:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 10:52 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-22 10:52 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-22 10:52 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-22 10:52 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-22 10:52 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-22 10:52 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-22 10:51 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 10:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 10:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 10:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 10:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 10:47 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-22 10:47 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-22 10:47 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-22 10:47 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-22 10:47 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-22 10:46 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 10:46 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 10:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 10:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 10:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 10:41 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-22 10:41 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-22 00:10 - 2014-12-22 00:11 - 10607192 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1412.00-win32.zip
2014-12-21 20:59 - 2014-12-21 20:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Alice
2014-12-21 20:58 - 2014-12-21 20:58 - 00544860 _____ () C:\Users\mathiaswolfgang\Downloads\winalice.zip
2014-12-21 20:41 - 2014-12-21 20:41 - 00198694 _____ () C:\Users\mathiaswolfgang\Downloads\cbsetup.exe
2014-12-21 20:32 - 2014-12-21 20:32 - 02709185 _____ () C:\Users\mathiaswolfgang\Downloads\dany11122000.zip
2014-12-21 20:18 - 2014-12-21 20:18 - 00002984 _____ () C:\Windows\System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67}
2014-12-21 20:18 - 2014-12-21 20:18 - 00000064 _____ () C:\Windows\SysWOW64\jeliza.log
2014-12-21 20:14 - 2014-12-21 20:15 - 07101452 _____ (Tobias Schulz ) C:\Users\mathiaswolfgang\Downloads\jeliza-setup-2.2.2.exe
2014-12-21 12:16 - 2014-12-21 15:32 - 00000000 ____D () C:\Users\Public\Documents\Meine Pascal Programme
2014-12-21 11:26 - 2014-12-21 11:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lhelp
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\OnlineUpdate
2014-12-21 08:18 - 2014-12-21 08:18 - 00000000 ____D () C:\log
2014-12-21 07:12 - 2014-12-21 10:46 - 00000000 ____D () C:\lazarus
2014-12-21 07:10 - 2014-12-21 12:20 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\lazarus
2014-12-21 07:06 - 2014-12-21 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2014-12-21 06:55 - 2014-12-21 06:59 - 113534648 _____ (Lazarus Team ) C:\Users\mathiaswolfgang\Downloads\lazarus-1.2.6-fpc-2.6.4-win64.exe
2014-12-20 18:09 - 2014-12-20 18:11 - 16359964 _____ () C:\Users\mathiaswolfgang\Downloads\Vox_v0.34_DEMO.rar
2014-12-20 14:42 - 2014-12-20 14:42 - 239921322 _____ () C:\Windows\MEMORY.DMP
2014-12-20 14:42 - 2014-12-20 14:42 - 00290728 _____ () C:\Windows\Minidump\122014-21453-01.dmp
2014-12-20 01:06 - 2014-12-20 01:17 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Roblox
2014-12-20 01:02 - 2014-12-20 01:02 - 00639856 _____ (ROBLOX Corporation) C:\Users\mathiaswolfgang\Downloads\RobloxPlayerLauncher.exe
2014-12-19 12:29 - 2014-12-27 07:06 - 00001064 _____ () C:\Windows\setupact.log
2014-12-19 12:29 - 2014-12-19 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 11:09 - 2014-12-19 12:16 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Savegame
2014-12-17 15:23 - 2014-12-17 15:23 - 02350021 _____ () C:\Users\mathiaswolfgang\Downloads\mcpatcher-4.3.2_03.exe
2014-12-15 21:49 - 2014-12-15 21:48 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-15 21:48 - 2014-12-15 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-15 21:48 - 2014-12-15 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-15 21:45 - 2014-12-15 21:47 - 31036328 _____ (Oracle Corporation) C:\Users\mathiaswolfgang\Downloads\jre-7u72-windows-x64.exe
2014-12-15 20:28 - 2014-12-15 20:29 - 07327993 _____ () C:\Users\mathiaswolfgang\Downloads\Millenaire5.2.zip
2014-12-15 20:20 - 2014-12-15 20:20 - 02965069 _____ () C:\Users\mathiaswolfgang\Downloads\forge-1.7.2-10.12.2.1147-installer-win.exe
2014-12-15 20:12 - 2014-12-15 20:12 - 02136983 _____ () C:\Users\mathiaswolfgang\Downloads\MillenaireInstallerWindows1.3.zip
2014-12-15 13:41 - 2014-12-15 13:41 - 00152007 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Formel+Objekte.rar
2014-12-15 13:30 - 2014-12-15 13:30 - 00014457 _____ () C:\Users\mathiaswolfgang\Downloads\3D-Routine.zip
2014-12-14 16:23 - 2014-12-25 14:51 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Neinmal Klug
2014-12-14 16:22 - 2014-12-14 16:22 - 00238715 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug.zip
2014-12-14 16:20 - 2014-12-14 16:20 - 00870079 _____ () C:\Users\mathiaswolfgang\Downloads\Neunmalklug-SETUP.zip
2014-12-14 16:04 - 2014-12-14 16:04 - 00003086 _____ () C:\Windows\System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746}
2014-12-12 18:13 - 2014-12-12 18:14 - 05415903 _____ () C:\Users\mathiaswolfgang\Downloads\JehkobasFantasy_4.zip
2014-12-12 17:22 - 2014-12-12 20:42 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Processing
2014-12-12 17:22 - 2014-12-12 17:22 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Processing
2014-12-12 17:17 - 2014-12-24 23:51 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\processing-2.2.1
2014-12-12 17:07 - 2014-12-12 17:14 - 116409778 _____ () C:\Users\mathiaswolfgang\Downloads\processing-2.2.1-windows64.zip
2014-12-12 16:08 - 2014-12-12 16:08 - 01555478 _____ () C:\Users\mathiaswolfgang\Downloads\NoocraftSource.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 02636463 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_EN_0.2.6.zip
2014-12-12 15:44 - 2014-12-12 15:44 - 00455033 _____ () C:\Users\mathiaswolfgang\Downloads\Noocraft_Server_EN_0.2.6.zip
2014-12-12 14:32 - 2014-12-12 14:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Zauberkraft
2014-12-12 14:31 - 2014-12-12 14:31 - 01006702 _____ () C:\Users\mathiaswolfgang\Downloads\ZauberCraft.zip
2014-12-12 14:13 - 2014-12-12 14:13 - 01572449 _____ () C:\Users\mathiaswolfgang\Downloads\Portfolio ICT6 tijdsroosters.zip
2014-12-10 19:55 - 2014-12-22 13:57 - 00000000 ____D () C:\Temp
2014-12-10 19:54 - 2014-12-10 19:57 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
2014-12-10 19:54 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 19:50 - 2014-12-10 19:51 - 07543096 _____ () C:\Users\mathiaswolfgang\Downloads\SetupDJ312RN.exe
2014-12-10 16:40 - 2014-12-10 16:40 - 00736405 _____ () C:\Users\mathiaswolfgang\Downloads\4394.tmp
2014-12-07 11:57 - 2014-12-07 11:58 - 10567318 _____ () C:\Users\mathiaswolfgang\Downloads\voxelands-1411.03-win32.zip
2014-12-07 01:29 - 2014-12-07 01:30 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\gnomescroll21
2014-12-06 19:44 - 2014-12-24 14:40 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64
2014-12-06 19:42 - 2014-12-06 19:44 - 19461558 _____ () C:\Users\mathiaswolfgang\Downloads\minetest-0.4.10-win64-mingw.zip
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Eternal Lands
2014-12-06 14:02 - 2014-12-06 14:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\Blockland
2014-12-05 19:48 - 2014-12-05 19:48 - 00003218 _____ () C:\Windows\System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6}
2014-12-05 19:17 - 2014-12-05 19:20 - 34469764 _____ () C:\Users\mathiaswolfgang\Downloads\Mythruna-20120627-Windows.zip
2014-12-05 18:54 - 2014-12-05 18:56 - 15529819 _____ () C:\Users\mathiaswolfgang\Downloads\gnomescroll21.zip
2014-12-05 18:06 - 2014-12-05 18:07 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
2014-12-05 18:05 - 2014-12-05 18:06 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher
2014-12-05 18:04 - 2014-12-05 18:05 - 02650488 _____ () C:\Users\mathiaswolfgang\Downloads\TerasologyLauncher.zip
2014-12-04 19:24 - 2014-12-04 19:45 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary
2014-12-04 19:23 - 2014-12-04 19:23 - 03835252 _____ () C:\Users\mathiaswolfgang\Downloads\ManicDigger2014-08-05Binary.zip
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ
2014-12-04 17:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-04 17:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-04 17:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-04 11:01 - 2014-12-04 11:04 - 42776464 _____ () C:\Users\mathiaswolfgang\Downloads\Terasology.zip
2014-12-01 11:15 - 2014-12-01 11:16 - 00602112 _____ (OldTimer Tools) C:\Users\mathiaswolfgang\Desktop\OTL.exe
2014-12-01 11:11 - 2014-12-23 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 11:10 - 2014-12-18 13:45 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-18 13:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-01 11:10 - 2014-12-01 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 11:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 11:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 01:00 - 2014-11-27 01:00 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\java
2014-11-27 00:58 - 2014-12-15 21:48 - 00000000 ____D () C:\Program Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-27 08:21 - 2014-05-03 14:26 - 01738777 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 08:11 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 08:11 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 08:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-27 07:41 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 07:07 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 07:06 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-27 07:06 - 2010-11-21 04:47 - 00585890 _____ () C:\Windows\PFRO.log
2014-12-27 07:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 18:32 - 2014-09-17 14:07 - 00000000 ____D () C:\Program Files (x86)\Seven Kingdoms AA
2014-12-26 18:04 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2014-12-26 12:54 - 2014-09-30 18:50 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft
2014-12-26 10:43 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2014-12-25 20:22 - 2014-05-05 11:50 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-12-25 11:30 - 2014-11-04 11:58 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\BB 3D
2014-12-24 12:12 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2014-12-24 00:37 - 2014-10-03 13:33 - 00000000 __SHD () C:\360Rec
2014-12-23 13:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-23 10:51 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 16:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 15:32 - 2009-07-14 05:45 - 00296120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 15:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 15:28 - 2014-05-06 10:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 15:28 - 2011-04-12 08:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 14:15 - 2014-05-04 10:06 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-22 14:15 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 14:15 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 14:15 - 2009-07-14 06:13 - 01591896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 13:57 - 2014-05-29 13:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-22 13:57 - 2014-05-29 13:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 20:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-12-20 14:42 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 14:38 - 2014-07-05 18:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Skype
2014-12-18 15:33 - 2014-11-01 12:32 - 00000000 ____D () C:\Program Files (x86)\INNRevival
2014-12-18 13:49 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 15:51 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2014-12-17 15:51 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 18:18 - 2014-07-05 18:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-14 18:18 - 2014-07-05 18:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 14:15 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2014-12-09 15:55 - 2014-10-27 18:00 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\Minecraft Karten Betrachter
2014-12-08 15:55 - 2014-08-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Sting
2014-12-06 14:03 - 2014-09-23 21:56 - 00000000 ____D () C:\ae
2014-12-05 19:25 - 2014-05-03 14:33 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\VirtualStore
2014-12-05 18:07 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2014-12-04 20:55 - 2014-05-12 19:49 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Facebook
2014-12-04 19:12 - 2014-05-03 14:54 - 00064808 _____ () C:\Users\mathiaswolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 18:44 - 2014-09-03 07:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-04 18:43 - 2014-05-03 14:54 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Deployment
2014-11-27 00:58 - 2014-09-30 18:50 - 00000000 ____D () C:\ProgramData\Oracle
Some content of TEMP:
====================
C:\Users\mathiaswolfgang\AppData\Local\Temp\project1.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\Quarantine.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\sqlite3.dll
C:\Users\mathiaswolfgang\AppData\Local\Temp\wcduninst.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 03:52
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- Jetzt mit normaler Internetgeschwindigkeit war das kein Problem mehr. Folgende Dinge hätte ich noch auf dem Herzen. Ich bekomme 3 Updates von Windows nicht installiert: -Update Internet Explorer 11 -Update für Windows 7 x64 basierte Systeme (*2) Ich habe einen Ordner auf dem Computer, den ich mit nichts zuordnen kann. C:\Programme(X86)\Online Games Downloader Ist das etwas von Windows? Eher nicht, oder? Immerhin gibt es einen Bug Report. Aber schlauer macht mich das nicht. Code:
ATTFilter date/time : 2014-05-13, 00:15:39, 794ms
computer name : DANTE_HASTA_PC
user name : mathiaswolfgang <admin>
registered owner : mathiaswolfgang
operating system : Windows 7 x64 Service Pack 1 build 7601
system language : German
system up time : 2 hours 52 minutes
program up time : 4 minutes 33 seconds
processors : 2x AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
physical memory : 914/2047 MB (free/total)
free disk space : (C:) 123,93 GB
display mode : 1280x1024, 32 bit
process id : $f7c
allocated memory : 54,83 MB
executable : GamesDownloader.exe
exec. date/time : 2010-11-12 17:32
version : 2.0.0.379
compiled with : Delphi 2009
madExcept version : 3.0i
callstack crc : $ccfbe16c, $adf49216, $adf49216
exception number : 1
exception class : ERegistryException
exception message : Invalid data type for 'Flags'.
main thread ($e54):
004885df +023 GamesDownloader.exe Registry ReadError
00488e5a +062 GamesDownloader.exe Registry TRegistry.ReadString
00620543 +183 GamesDownloader.exe uRegPlugIn 59 +25 IEBHOInstall
00625869 +059 GamesDownloader.exe uMain 993 +4 TfmMain.UpdateOptions
00624129 +031 GamesDownloader.exe uMain 491 +6 TfmMain.SelPage
0062386a +2ba GamesDownloader.exe uMain 402 +62 TfmMain.btnApplyClick
004d4cdb +06f GamesDownloader.exe Controls TControl.Click
004a87aa +01e GamesDownloader.exe StdCtrls TCustomButton.Click
004a920c +010 GamesDownloader.exe StdCtrls TCustomButton.CNCommand
004d4772 +2d2 GamesDownloader.exe Controls TControl.WndProc
004d8c77 +513 GamesDownloader.exe Controls TWinControl.WndProc
004a8470 +06c GamesDownloader.exe StdCtrls TButtonControl.WndProc
004d4398 +024 GamesDownloader.exe Controls TControl.Perform
004d8dc7 +023 GamesDownloader.exe Controls DoControlMsg
004d97c3 +00b GamesDownloader.exe Controls TWinControl.WMCommand
004d4772 +2d2 GamesDownloader.exe Controls TControl.WndProc
004d8c77 +513 GamesDownloader.exe Controls TWinControl.WndProc
004d8390 +02c GamesDownloader.exe Controls TWinControl.MainWndProc
004837c8 +014 GamesDownloader.exe Classes StdWndProc
77540107 +02b ntdll.dll KiUserCallbackDispatcher
75ef96c0 +047 USER32.dll SendMessageW
75f00d48 +016 USER32.dll CallWindowProcW
004d8d73 +0d7 GamesDownloader.exe Controls TWinControl.DefaultHandler
004d50f8 +010 GamesDownloader.exe Controls TControl.WMLButtonUp
004d4772 +2d2 GamesDownloader.exe Controls TControl.WndProc
004d8c77 +513 GamesDownloader.exe Controls TWinControl.WndProc
004a8470 +06c GamesDownloader.exe StdCtrls TButtonControl.WndProc
004d8390 +02c GamesDownloader.exe Controls TWinControl.MainWndProc
004837c8 +014 GamesDownloader.exe Classes StdWndProc
75ef7885 +00a USER32.dll DispatchMessageW
004f493b +0f3 GamesDownloader.exe Forms TApplication.ProcessMessage
004f497e +00a GamesDownloader.exe Forms TApplication.HandleMessage
004f4ca9 +0c9 GamesDownloader.exe Forms TApplication.Run
0062b9df +13f GamesDownloader.exe GamesDownloader 156 +31 initialization
76a63388 +010 kernel32.dll BaseThreadInitThunk
thread $41c:
76a63388 +10 kernel32.dll BaseThreadInitThunk
thread $4cc:
76a63388 +10 kernel32.dll BaseThreadInitThunk
thread $f6c:
76a63388 +10 kernel32.dll BaseThreadInitThunk
thread $170:
76a63388 +10 kernel32.dll BaseThreadInitThunk
thread $8cc:
76a63388 +10 kernel32.dll BaseThreadInitThunk
thread $ce8:
76a63388 +10 kernel32.dll BaseThreadInitThunk
modules:
00400000 GamesDownloader.exe 2.0.0.379 C:\Program Files (x86)\Online Games Downloader
60900000 sqlite3.dll C:\Program Files (x86)\Online Games Downloader
6ec90000 ntshrui.dll 6.1.7601.17755 C:\Windows\system32
70f90000 NetworkExplorer.dll 6.1.7601.17514 C:\Windows\system32
712d0000 tiptsf.dll 6.1.7600.16385 C:\Program Files (x86)\Common Files\microsoft shared\ink
713e0000 DUI70.dll 6.1.7600.16385 C:\Windows\system32
714a0000 explorerframe.dll 6.1.7601.17514 C:\Windows\system32
71790000 wsock32.dll 6.1.7600.16385 C:\Windows\system32
717a0000 EhStorShell.dll 6.1.7600.16385 C:\Windows\system32
72ff0000 dwmapi.dll 6.1.7600.16385 C:\Windows\system32
730a0000 shdocvw.dll 6.1.7601.18222 C:\Windows\System32
73240000 Fwpuclnt.dll 6.1.7601.18283 C:\Windows\system32
73490000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32
73570000 slc.dll 6.1.7600.16385 C:\Windows\system32
73580000 cscapi.dll 6.1.7601.17514 C:\Windows\system32
73590000 SAMLIB.dll 6.1.7600.16385 C:\Windows\system32
73890000 wship6.dll 6.1.7600.16385 C:\Windows\System32
73970000 rasadhlp.dll 6.1.7600.16385 C:\Windows\system32
73980000 msimg32.dll 6.1.7600.16385 C:\Windows\system32
73a70000 wshtcpip.dll 6.1.7600.16385 C:\Windows\System32
73aa0000 DUser.dll 6.1.7600.16385 C:\Windows\system32
73b00000 DNSAPI.dll 6.1.7601.17570 C:\Windows\system32
73b50000 mswsock.dll 6.1.7601.18254 C:\Windows\system32
73b90000 safemon.dll 8.2.2.1305 C:\Program Files\360\360 Internet Security\safemon
73ef0000 WindowsCodecs.dll 6.2.9200.16809 C:\Windows\system32
74160000 gdiplus.dll 6.1.7601.18120 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36
742f0000 samcli.dll 6.1.7601.17514 C:\Windows\system32
747a0000 apphelp.dll 6.1.7601.17514 C:\Windows\system32
74800000 ntmarta.dll 6.1.7600.16385 C:\Windows\system32
74830000 comctl32.dll 6.10.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
749d0000 PROPSYS.dll 7.0.7601.17514 C:\Windows\system32
74b60000 Secur32.dll 6.1.7601.18270 C:\Windows\system32
74bf0000 winmm.dll 6.1.7601.17514 C:\Windows\system32
74c40000 WINNSI.DLL 6.1.7600.16385 C:\Windows\system32
74c50000 IPHLPAPI.DLL 6.1.7601.17514 C:\Windows\system32
74cf0000 wkscli.dll 6.1.7601.17514 C:\Windows\system32
74d00000 srvcli.dll 6.1.7601.17514 C:\Windows\system32
74d20000 netutils.dll 6.1.7601.17514 C:\Windows\system32
74d30000 NETAPI32.dll 6.1.7601.17887 C:\Windows\system32
74e30000 profapi.dll 6.1.7600.16385 C:\Windows\system32
74e70000 version.dll 6.1.7600.16385 C:\Windows\system32
74f50000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64
74f60000 SspiCli.dll 6.1.7601.18270 C:\Windows\syswow64
74fc0000 ole32.dll 6.1.7601.17514 C:\Windows\syswow64
75150000 CLBCatQ.DLL 2001.12.8530.16385 C:\Windows\syswow64
751e0000 ADVAPI32.dll 6.1.7601.18247 C:\Windows\syswow64
75280000 shell32.dll 6.1.7601.18222 C:\Windows\syswow64
75ed0000 api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
75ee0000 USER32.dll 6.1.7601.17514 C:\Windows\syswow64
76120000 api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76140000 api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76150000 GDI32.dll 6.1.7601.18275 C:\Windows\syswow64
76270000 msvcrt.dll 7.0.7601.17744 C:\Windows\syswow64
76440000 USP10.dll 1.626.7601.18009 C:\Windows\syswow64
764e0000 LPK.dll 6.1.7601.18177 C:\Windows\syswow64
764f0000 api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76500000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64
765d0000 SHLWAPI.dll 6.1.7601.17514 C:\Windows\syswow64
76630000 SETUPAPI.dll 6.1.7601.17514 C:\Windows\syswow64
767d0000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64
767f0000 RPCRT4.dll 6.1.7601.18205 C:\Windows\syswow64
768e0000 api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
768f0000 WS2_32.dll 6.1.7601.17514 C:\Windows\syswow64
76930000 comdlg32.dll 6.1.7601.17514 C:\Windows\syswow64
769b0000 KERNELBASE.dll 6.1.7601.18229 C:\Windows\syswow64
76a00000 WLDAP32.dll 6.1.7601.17514 C:\Windows\syswow64
76a50000 kernel32.dll 6.1.7601.18409 C:\Windows\syswow64
76b60000 PSAPI.DLL 6.1.7600.16385 C:\Windows\syswow64
76b70000 IMM32.DLL 6.1.7601.17514 C:\Windows\system32
76bd0000 iertutil.dll 11.0.9600.17041 C:\Windows\syswow64
76df0000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64
76e00000 WININET.dll 11.0.9600.17041 C:\Windows\syswow64
76fc0000 oleaut32.dll 6.1.7601.17676 C:\Windows\syswow64
77080000 CFGMGR32.dll 6.1.7601.17621 C:\Windows\syswow64
77110000 DEVOBJ.dll 6.1.7601.17621 C:\Windows\syswow64
77500000 normaliz.DLL 6.1.7600.16385 C:\Windows\syswow64
77530000 ntdll.dll 6.1.7601.18247 C:\Windows\SysWOW64
processes:
000 Idle 0 0 0
004 System 0 0 0
110 smss.exe 0 0 0
168 csrss.exe 0 0 0
1dc wininit.exe 0 0 0
1f4 csrss.exe 1 0 0
214 services.exe 0 0 0
230 lsass.exe 0 0 0
238 lsm.exe 0 0 0
278 winlogon.exe 1 0 0
2d4 svchost.exe 0 0 0
330 svchost.exe 0 0 0
388 svchost.exe 0 0 0
3c4 svchost.exe 0 0 0
3e0 svchost.exe 0 0 0
070 svchost.exe 0 0 0
454 360rps.exe 0 0 0
47c QHActiveDefense.exe 0 0 0
4dc svchost.exe 0 0 0
554 svchost.exe 0 0 0
5a8 spoolsv.exe 0 0 0
5fc HWDeviceService64.exe 0 0 0
69c ouc.exe 0 0 0
448 taskhost.exe 1 29 24 normal
428 dwm.exe 1 17 2 high
534 WUDFHost.exe 0 0 0
6c0 explorer.exe 1 842 605 normal
860 DCSHelper.exe 1 14 14 normal C:\ProgramData\DatacardService
948 360sd.exe 1 433 262 normal
a10 DCSHelper.exe 1 9 2 normal C:\ProgramData\DatacardService
a28 Mobile Partner.exe 1 146 210 normal C:\Program Files (x86)\Mobile Partner
aa0 360rp.exe 1 9 2 normal
b38 SearchIndexer.exe 0 0 0
b5c 360tray.exe 1 209 69 normal C:\Program Files\360\360 Internet Security\safemon
2e0 svchost.exe 0 0 0
950 sppsvc.exe 0 0 0
8e8 svchost.exe 0 0 0
e68 chrome.exe 1 236 58 normal C:\Program Files (x86)\Google\Chrome\Application
ec4 chrome.exe 1 11 4 normal C:\Program Files (x86)\Google\Chrome\Application
cb4 chrome.exe 1 11 1 normal C:\Program Files (x86)\Google\Chrome\Application
918 chrome.exe 1 113 1 below normal C:\Program Files (x86)\Google\Chrome\Application
d1c wuauclt.exe 1 12 6 normal
c54 taskmgr.exe 1 126 105 high
988 svchost.exe 0 0 0
ae8 audiodg.exe 0 0 0
f7c GamesDownloader.exe 1 224 104 normal C:\Program Files (x86)\Online Games Downloader
998 taskeng.exe 0 0 0
2c8 iexplore.exe 1 259 93 normal
cfc IEXPLORE.EXE 1 21 79 normal C:\Program Files (x86)\Internet Explorer
f4c IEXPLORE.EXE 1 58 69 normal C:\Program Files (x86)\Internet Explorer
9ec SearchProtocolHost.exe 1 5 7 idle
dc4 SearchFilterHost.exe 0 0 0 idle
hardware:
+ Computer
- ACPI x64-based PC
+ Disk drives
- HUAWEI SD Storage USB Device
- ST3160021A ATA Device
- USB DISK 2.0 USB Device
+ Display adapters
- NVIDIA GeForce 9500 GT (Microsoft Corporation - WDDM v1.1) (driver 8.15.11.8593)
+ DVD/CD-ROM drives
- HUAWEI Mass Storage USB Device
+ Floppy disk drives
- Diskettenlaufwerk
+ Floppy drive controllers
- Standard-Diskettenlaufwerkcontroller
+ Human Interface Devices
- HID-konformer Gamecontroller
- USB-Eingabegerät
+ IDE ATA/ATAPI controllers
- ATA Channel 0
- ATA Channel 0
- ATA Channel 1
- ATA Channel 1
- Standard-Zweikanal-PCI-IDE-Controller
- Standard-Zweikanal-PCI-IDE-Controller
+ Keyboards
- Standardtastatur (PS/2)
+ Mice and other pointing devices
- Microsoft PS/2-Maus
+ Modems
- HUAWEI Mobile Connect - 3G Modem (driver 2.0.6.706)
+ Monitors
- PnP-Monitor (Standard)
+ Network adapters
- HUAWEI Mobile Connect - 3G Network Card (driver 6,0,1,279)
- NVIDIA nForce-Netzwerkcontroller
+ Portable Devices
- E:\
- UUI
+ Ports (COM & LPT)
- ECP-Druckeranschluss (LPT1)
- HUAWEI Mobile Connect - 3G Application Interface (COM4) (driver 2.0.6.706)
- HUAWEI Mobile Connect - 3G PC UI Interface (COM5) (driver 2.0.6.706)
- Kommunikationsanschluss (COM1)
+ Processors
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
+ Sound, video and game controllers
- High Definition Audio-Gerät
+ Storage volume shadow copies
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
+ System devices
- ACPI-Einschaltknopf
- ACPI-Schalter
- AMD DRAM und HyperTransport(tm)-Nachverfolgungsmoduskonfiguration
- AMD HyperTransport(tm)-Konfiguration
- AMD-Adresszuordnungskonfiguration
- Busenumerator für Verbundgeräte
- DMA-Controller
- Enumerator-Treiber für Microsoft Virtual Drive
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- High Definition Audio-Controller
- Logische Schnittstelle für Druckeranschluss
- Microsoft ACPI-konformes System
- Microsoft Windows-Verwaltungsschnittstelle für ACPI
- Microsoft-Systemverwaltungs-BIOS-Treiber
- Numerischer Coprozessor
- NVIDIA nForce PCI-Systemverwaltung
- PCI Standard-ISA-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-RAM-Controller
- PCI-Bus
- PnP-Softwaregeräte-Enumerator
- Programmierbarer Interruptcontroller
- Remote Desktop Device Redirector Bus
- Sonstige AMD-Konfiguration
- System CMOS/Echtzeituhr
- Systemlautsprecher
- Systemplatine
- Systemzeitgeber
- Terminalserver-Maustreiber
- Terminalserver-Tastaturtreiber
- Treiber für Datei-als-Volume
- UMBus-Stamm-Busenumerator
- UMBusenumerator
- UMBusenumerator
- Volume-Verwaltung
+ Universal Serial Bus controllers
- HUAWEI Mobile Connect - Bus Enumerate Device (driver 2.6.2.1605)
- Standard OpenHCD USB-Hostcontroller
- Standard OpenHCD USB-Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Verbundgerät
disassembling:
[...]
00620534 test al, al
00620536 jz loc_62057f
00620538 59 lea ecx, [ebp-$2c]
0062053b mov edx, $62076c
00620540 mov eax, [ebp-$14]
00620543 > call -$197750 ($488df8) ; Registry.TRegistry.ReadString
00620548 mov eax, [ebp-$2c]
0062054b mov edx, $620784
00620550 call -$219869 ($406cec) ; System.@UStrEqual
00620555 jnz loc_62057a
00620557 lea ecx, [ebp-$30]
[...]
date/time : 2014-05-13, 00:15:57, 324ms
computer name : DANTE_HASTA_PC
user name : mathiaswolfgang <admin>
registered owner : mathiaswolfgang
operating system : Windows 7 x64 Service Pack 1 build 7601
system language : German
system up time : 2 hours 52 minutes
program up time : 11 seconds
processors : 2x AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
physical memory : 919/2047 MB (free/total)
free disk space : (C:) 123,93 GB
display mode : 1280x1024, 32 bit
process id : $c38
allocated memory : 56,00 MB
executable : GamesDownloader.exe
exec. date/time : 2010-11-12 17:32
version : 2.0.0.379
compiled with : Delphi 2009
madExcept version : 3.0i
callstack crc : $ccfbe16c, $b6e91e15, $b6e91e15
exception number : 2
exception class : ERegistryException
exception message : Invalid data type for 'Flags'.
main thread ($b68):
004885df +023 GamesDownloader.exe Registry ReadError
00488e5a +062 GamesDownloader.exe Registry TRegistry.ReadString
00620543 +183 GamesDownloader.exe uRegPlugIn 59 +25 IEBHOInstall
00625869 +059 GamesDownloader.exe uMain 993 +4 TfmMain.UpdateOptions
00624129 +031 GamesDownloader.exe uMain 491 +6 TfmMain.SelPage
00624c52 +002 GamesDownloader.exe uMain 772 +0 TfmMain.lblHomeClick
004d4cdb +06f GamesDownloader.exe Controls TControl.Click
004d514e +066 GamesDownloader.exe Controls TControl.WMLButtonUp
004d4772 +2d2 GamesDownloader.exe Controls TControl.WndProc
004d88fa +196 GamesDownloader.exe Controls TWinControl.WndProc
004d4398 +024 GamesDownloader.exe Controls TControl.Perform
004d8390 +02c GamesDownloader.exe Controls TWinControl.MainWndProc
004d4772 +2d2 GamesDownloader.exe Controls TControl.WndProc
004d4398 +024 GamesDownloader.exe Controls TControl.Perform
004d8607 +097 GamesDownloader.exe Controls TWinControl.IsControlMouseMsg
004d8b22 +3be GamesDownloader.exe Controls TWinControl.WndProc
004d8390 +02c GamesDownloader.exe Controls TWinControl.MainWndProc
004837c8 +014 GamesDownloader.exe Classes StdWndProc
75ef7885 +00a USER32.dll DispatchMessageW
004f493b +0f3 GamesDownloader.exe Forms TApplication.ProcessMessage
004f497e +00a GamesDownloader.exe Forms TApplication.HandleMessage
004f4ca9 +0c9 GamesDownloader.exe Forms TApplication.Run
0062b9df +13f GamesDownloader.exe GamesDownloader 156 +31 initialization
76a63388 +010 kernel32.dll BaseThreadInitThunk
thread $a30:
76a63388 +10 kernel32.dll BaseThreadInitThunk
modules:
00400000 GamesDownloader.exe 2.0.0.379 C:\Program Files (x86)\Online Games Downloader
60900000 sqlite3.dll C:\Program Files (x86)\Online Games Downloader
71790000 wsock32.dll 6.1.7600.16385 C:\Windows\system32
72ff0000 dwmapi.dll 6.1.7600.16385 C:\Windows\system32
73490000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32
73980000 msimg32.dll 6.1.7600.16385 C:\Windows\system32
73b90000 safemon.dll 8.2.2.1305 C:\Program Files\360\360 Internet Security\safemon
73ef0000 WindowsCodecs.dll 6.2.9200.16809 C:\Windows\system32
74160000 gdiplus.dll 6.1.7601.18120 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36
74830000 comctl32.dll 6.10.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
74bf0000 winmm.dll 6.1.7601.17514 C:\Windows\system32
74cf0000 wkscli.dll 6.1.7601.17514 C:\Windows\system32
74d00000 srvcli.dll 6.1.7601.17514 C:\Windows\system32
74d20000 netutils.dll 6.1.7601.17514 C:\Windows\system32
74d30000 NETAPI32.dll 6.1.7601.17887 C:\Windows\system32
74e30000 profapi.dll 6.1.7600.16385 C:\Windows\system32
74e70000 version.dll 6.1.7600.16385 C:\Windows\system32
74f50000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64
74f60000 SspiCli.dll 6.1.7601.18270 C:\Windows\syswow64
74fc0000 ole32.dll 6.1.7601.17514 C:\Windows\syswow64
75120000 WINTRUST.dll 6.1.7601.18205 C:\Windows\syswow64
751e0000 ADVAPI32.dll 6.1.7601.18247 C:\Windows\syswow64
75280000 shell32.dll 6.1.7601.18222 C:\Windows\syswow64
75ed0000 api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
75ee0000 USER32.dll 6.1.7601.17514 C:\Windows\syswow64
75fe0000 MSASN1.dll 6.1.7601.17514 C:\Windows\syswow64
76120000 api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76140000 api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76150000 GDI32.dll 6.1.7601.18275 C:\Windows\syswow64
76270000 msvcrt.dll 7.0.7601.17744 C:\Windows\syswow64
76320000 CRYPT32.dll 6.1.7601.18277 C:\Windows\syswow64
76440000 USP10.dll 1.626.7601.18009 C:\Windows\syswow64
764e0000 LPK.dll 6.1.7601.18177 C:\Windows\syswow64
764f0000 api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76500000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64
765d0000 SHLWAPI.dll 6.1.7601.17514 C:\Windows\syswow64
767d0000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64
767f0000 RPCRT4.dll 6.1.7601.18205 C:\Windows\syswow64
768e0000 api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
768f0000 WS2_32.dll 6.1.7601.17514 C:\Windows\syswow64
76930000 comdlg32.dll 6.1.7601.17514 C:\Windows\syswow64
769b0000 KERNELBASE.dll 6.1.7601.18229 C:\Windows\syswow64
76a50000 kernel32.dll 6.1.7601.18409 C:\Windows\syswow64
76b60000 PSAPI.DLL 6.1.7600.16385 C:\Windows\syswow64
76b70000 IMM32.DLL 6.1.7601.17514 C:\Windows\system32
76bd0000 iertutil.dll 11.0.9600.17041 C:\Windows\syswow64
76df0000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64
76e00000 WININET.dll 11.0.9600.17041 C:\Windows\syswow64
76fc0000 oleaut32.dll 6.1.7601.17676 C:\Windows\syswow64
77500000 normaliz.DLL 6.1.7600.16385 C:\Windows\syswow64
77530000 ntdll.dll 6.1.7601.18247 C:\Windows\SysWOW64
processes:
000 Idle 0 0 0
004 System 0 0 0
110 smss.exe 0 0 0
168 csrss.exe 0 0 0
1dc wininit.exe 0 0 0
1f4 csrss.exe 1 0 0
214 services.exe 0 0 0
230 lsass.exe 0 0 0
238 lsm.exe 0 0 0
278 winlogon.exe 1 0 0
2d4 svchost.exe 0 0 0
330 svchost.exe 0 0 0
388 svchost.exe 0 0 0
3c4 svchost.exe 0 0 0
3e0 svchost.exe 0 0 0
070 svchost.exe 0 0 0
454 360rps.exe 0 0 0
47c QHActiveDefense.exe 0 0 0
4dc svchost.exe 0 0 0
554 svchost.exe 0 0 0
5a8 spoolsv.exe 0 0 0
5fc HWDeviceService64.exe 0 0 0
69c ouc.exe 0 0 0
448 taskhost.exe 1 29 23 normal
428 dwm.exe 1 17 2 high
534 WUDFHost.exe 0 0 0
6c0 explorer.exe 1 853 608 normal
860 DCSHelper.exe 1 14 14 normal C:\ProgramData\DatacardService
948 360sd.exe 1 433 262 normal
a10 DCSHelper.exe 1 9 2 normal C:\ProgramData\DatacardService
a28 Mobile Partner.exe 1 146 210 normal C:\Program Files (x86)\Mobile Partner
aa0 360rp.exe 1 9 2 normal
b38 SearchIndexer.exe 0 0 0
b5c 360tray.exe 1 209 69 normal C:\Program Files\360\360 Internet Security\safemon
2e0 svchost.exe 0 0 0
950 sppsvc.exe 0 0 0
8e8 svchost.exe 0 0 0
e68 chrome.exe 1 236 58 normal C:\Program Files (x86)\Google\Chrome\Application
ec4 chrome.exe 1 11 4 normal C:\Program Files (x86)\Google\Chrome\Application
cb4 chrome.exe 1 11 1 normal C:\Program Files (x86)\Google\Chrome\Application
918 chrome.exe 1 113 1 below normal C:\Program Files (x86)\Google\Chrome\Application
d1c wuauclt.exe 1 12 6 normal
c54 taskmgr.exe 1 126 105 high
988 svchost.exe 0 0 0
ae8 audiodg.exe 0 0 0
998 taskeng.exe 0 0 0
2c8 iexplore.exe 1 260 94 normal
cfc IEXPLORE.EXE 1 21 79 normal C:\Program Files (x86)\Internet Explorer
f4c IEXPLORE.EXE 1 58 69 normal C:\Program Files (x86)\Internet Explorer
9ec SearchProtocolHost.exe 1 5 7 idle
dc4 SearchFilterHost.exe 0 0 0 idle
c38 GamesDownloader.exe 1 190 99 normal C:\Program Files (x86)\Online Games Downloader
hardware:
+ Computer
- ACPI x64-based PC
+ Disk drives
- HUAWEI SD Storage USB Device
- ST3160021A ATA Device
- USB DISK 2.0 USB Device
+ Display adapters
- NVIDIA GeForce 9500 GT (Microsoft Corporation - WDDM v1.1) (driver 8.15.11.8593)
+ DVD/CD-ROM drives
- HUAWEI Mass Storage USB Device
+ Floppy disk drives
- Diskettenlaufwerk
+ Floppy drive controllers
- Standard-Diskettenlaufwerkcontroller
+ Human Interface Devices
- HID-konformer Gamecontroller
- USB-Eingabegerät
+ IDE ATA/ATAPI controllers
- ATA Channel 0
- ATA Channel 0
- ATA Channel 1
- ATA Channel 1
- Standard-Zweikanal-PCI-IDE-Controller
- Standard-Zweikanal-PCI-IDE-Controller
+ Keyboards
- Standardtastatur (PS/2)
+ Mice and other pointing devices
- Microsoft PS/2-Maus
+ Modems
- HUAWEI Mobile Connect - 3G Modem (driver 2.0.6.706)
+ Monitors
- PnP-Monitor (Standard)
+ Network adapters
- HUAWEI Mobile Connect - 3G Network Card (driver 6,0,1,279)
- NVIDIA nForce-Netzwerkcontroller
+ Portable Devices
- E:\
- UUI
+ Ports (COM & LPT)
- ECP-Druckeranschluss (LPT1)
- HUAWEI Mobile Connect - 3G Application Interface (COM4) (driver 2.0.6.706)
- HUAWEI Mobile Connect - 3G PC UI Interface (COM5) (driver 2.0.6.706)
- Kommunikationsanschluss (COM1)
+ Processors
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
+ Sound, video and game controllers
- High Definition Audio-Gerät
+ Storage volume shadow copies
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
+ System devices
- ACPI-Einschaltknopf
- ACPI-Schalter
- AMD DRAM und HyperTransport(tm)-Nachverfolgungsmoduskonfiguration
- AMD HyperTransport(tm)-Konfiguration
- AMD-Adresszuordnungskonfiguration
- Busenumerator für Verbundgeräte
- DMA-Controller
- Enumerator-Treiber für Microsoft Virtual Drive
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- High Definition Audio-Controller
- Logische Schnittstelle für Druckeranschluss
- Microsoft ACPI-konformes System
- Microsoft Windows-Verwaltungsschnittstelle für ACPI
- Microsoft-Systemverwaltungs-BIOS-Treiber
- Numerischer Coprozessor
- NVIDIA nForce PCI-Systemverwaltung
- PCI Standard-ISA-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-RAM-Controller
- PCI-Bus
- PnP-Softwaregeräte-Enumerator
- Programmierbarer Interruptcontroller
- Remote Desktop Device Redirector Bus
- Sonstige AMD-Konfiguration
- System CMOS/Echtzeituhr
- Systemlautsprecher
- Systemplatine
- Systemzeitgeber
- Terminalserver-Maustreiber
- Terminalserver-Tastaturtreiber
- Treiber für Datei-als-Volume
- UMBus-Stamm-Busenumerator
- UMBusenumerator
- UMBusenumerator
- Volume-Verwaltung
+ Universal Serial Bus controllers
- HUAWEI Mobile Connect - Bus Enumerate Device (driver 2.6.2.1605)
- Standard OpenHCD USB-Hostcontroller
- Standard OpenHCD USB-Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Verbundgerät
disassembling:
[...]
00620534 test al, al
00620536 jz loc_62057f
00620538 59 lea ecx, [ebp-$2c]
0062053b mov edx, $62076c
00620540 mov eax, [ebp-$14]
00620543 > call -$197750 ($488df8) ; Registry.TRegistry.ReadString
00620548 mov eax, [ebp-$2c]
0062054b mov edx, $620784
00620550 call -$219869 ($406cec) ; System.@UStrEqual
00620555 jnz loc_62057a
00620557 lea ecx, [ebp-$30]
[...]
date/time : 2014-05-13, 00:16:10, 553ms
computer name : DANTE_HASTA_PC
user name : mathiaswolfgang <admin>
registered owner : mathiaswolfgang
operating system : Windows 7 x64 Service Pack 1 build 7601
system language : German
system up time : 2 hours 53 minutes
program up time : 182 milliseconds
processors : 2x AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
physical memory : 920/2047 MB (free/total)
free disk space : (C:) 123,93 GB
display mode : 1280x1024, 32 bit
process id : $d0c
allocated memory : 40,39 MB
executable : GamesDownloader.exe
exec. date/time : 2010-11-12 17:32
version : 2.0.0.379
compiled with : Delphi 2009
madExcept version : 3.0i
callstack crc : $ccfbe16c, $480ecc41, $480ecc41
count : 2
exception number : 1
exception class : ERegistryException
exception message : Invalid data type for 'Flags'.
main thread ($4f4):
004885df +023 GamesDownloader.exe Registry ReadError
00488e5a +062 GamesDownloader.exe Registry TRegistry.ReadString
00620543 +183 GamesDownloader.exe uRegPlugIn 59 +25 IEBHOInstall
00625869 +059 GamesDownloader.exe uMain 993 +4 TfmMain.UpdateOptions
00624129 +031 GamesDownloader.exe uMain 491 +6 TfmMain.SelPage
00624887 +073 GamesDownloader.exe uMain 670 +10 TfmMain.FormCreate
004eb1b5 +031 GamesDownloader.exe Forms TCustomForm.DoCreate
004eadfd +011 GamesDownloader.exe Forms TCustomForm.AfterConstruction
004048d9 +01d GamesDownloader.exe System 20 +0 @AfterConstruction
004eadd3 +18f GamesDownloader.exe Forms TCustomForm.Create
004f4b06 +076 GamesDownloader.exe Forms TApplication.CreateForm
0062b9c5 +125 GamesDownloader.exe GamesDownloader 154 +29 initialization
76a63388 +010 kernel32.dll BaseThreadInitThunk
modules:
00400000 GamesDownloader.exe 2.0.0.379 C:\Program Files (x86)\Online Games Downloader
60900000 sqlite3.dll C:\Program Files (x86)\Online Games Downloader
71790000 wsock32.dll 6.1.7600.16385 C:\Windows\system32
72ff0000 dwmapi.dll 6.1.7600.16385 C:\Windows\system32
73490000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32
73980000 msimg32.dll 6.1.7600.16385 C:\Windows\system32
73b90000 safemon.dll 8.2.2.1305 C:\Program Files\360\360 Internet Security\safemon
73ef0000 WindowsCodecs.dll 6.2.9200.16809 C:\Windows\system32
74160000 gdiplus.dll 6.1.7601.18120 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36
74830000 comctl32.dll 6.10.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
74bf0000 winmm.dll 6.1.7601.17514 C:\Windows\system32
74cf0000 wkscli.dll 6.1.7601.17514 C:\Windows\system32
74d00000 srvcli.dll 6.1.7601.17514 C:\Windows\system32
74d20000 netutils.dll 6.1.7601.17514 C:\Windows\system32
74d30000 NETAPI32.dll 6.1.7601.17887 C:\Windows\system32
74e30000 profapi.dll 6.1.7600.16385 C:\Windows\system32
74e70000 version.dll 6.1.7600.16385 C:\Windows\system32
74f50000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64
74f60000 SspiCli.dll 6.1.7601.18270 C:\Windows\syswow64
74fc0000 ole32.dll 6.1.7601.17514 C:\Windows\syswow64
751e0000 ADVAPI32.dll 6.1.7601.18247 C:\Windows\syswow64
75280000 shell32.dll 6.1.7601.18222 C:\Windows\syswow64
75ed0000 api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
75ee0000 USER32.dll 6.1.7601.17514 C:\Windows\syswow64
76120000 api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76140000 api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76150000 GDI32.dll 6.1.7601.18275 C:\Windows\syswow64
76270000 msvcrt.dll 7.0.7601.17744 C:\Windows\syswow64
76440000 USP10.dll 1.626.7601.18009 C:\Windows\syswow64
764e0000 LPK.dll 6.1.7601.18177 C:\Windows\syswow64
764f0000 api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
76500000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64
765d0000 SHLWAPI.dll 6.1.7601.17514 C:\Windows\syswow64
767d0000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64
767f0000 RPCRT4.dll 6.1.7601.18205 C:\Windows\syswow64
768e0000 api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 C:\Windows\syswow64
768f0000 WS2_32.dll 6.1.7601.17514 C:\Windows\syswow64
76930000 comdlg32.dll 6.1.7601.17514 C:\Windows\syswow64
769b0000 KERNELBASE.dll 6.1.7601.18229 C:\Windows\syswow64
76a50000 kernel32.dll 6.1.7601.18409 C:\Windows\syswow64
76b60000 PSAPI.DLL 6.1.7600.16385 C:\Windows\syswow64
76b70000 IMM32.DLL 6.1.7601.17514 C:\Windows\system32
76bd0000 iertutil.dll 11.0.9600.17041 C:\Windows\syswow64
76df0000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64
76e00000 WININET.dll 11.0.9600.17041 C:\Windows\syswow64
76fc0000 oleaut32.dll 6.1.7601.17676 C:\Windows\syswow64
77500000 normaliz.DLL 6.1.7600.16385 C:\Windows\syswow64
77530000 ntdll.dll 6.1.7601.18247 C:\Windows\SysWOW64
processes:
000 Idle 0 0 0
004 System 0 0 0
110 smss.exe 0 0 0
168 csrss.exe 0 0 0
1dc wininit.exe 0 0 0
1f4 csrss.exe 1 0 0
214 services.exe 0 0 0
230 lsass.exe 0 0 0
238 lsm.exe 0 0 0
278 winlogon.exe 1 0 0
2d4 svchost.exe 0 0 0
330 svchost.exe 0 0 0
388 svchost.exe 0 0 0
3c4 svchost.exe 0 0 0
3e0 svchost.exe 0 0 0
070 svchost.exe 0 0 0
454 360rps.exe 0 0 0
47c QHActiveDefense.exe 0 0 0
4dc svchost.exe 0 0 0
554 svchost.exe 0 0 0
5a8 spoolsv.exe 0 0 0
5fc HWDeviceService64.exe 0 0 0
69c ouc.exe 0 0 0
448 taskhost.exe 1 29 22 normal
428 dwm.exe 1 17 2 high
534 WUDFHost.exe 0 0 0
6c0 explorer.exe 1 873 621 normal
860 DCSHelper.exe 1 14 14 normal C:\ProgramData\DatacardService
948 360sd.exe 1 433 262 normal
a10 DCSHelper.exe 1 9 2 normal C:\ProgramData\DatacardService
a28 Mobile Partner.exe 1 146 210 normal C:\Program Files (x86)\Mobile Partner
aa0 360rp.exe 1 9 2 normal
b38 SearchIndexer.exe 0 0 0
b5c 360tray.exe 1 209 69 normal C:\Program Files\360\360 Internet Security\safemon
2e0 svchost.exe 0 0 0
950 sppsvc.exe 0 0 0
8e8 svchost.exe 0 0 0
e68 chrome.exe 1 236 58 normal C:\Program Files (x86)\Google\Chrome\Application
ec4 chrome.exe 1 11 4 normal C:\Program Files (x86)\Google\Chrome\Application
cb4 chrome.exe 1 11 1 normal C:\Program Files (x86)\Google\Chrome\Application
918 chrome.exe 1 113 1 below normal C:\Program Files (x86)\Google\Chrome\Application
d1c wuauclt.exe 1 12 6 normal
988 svchost.exe 0 0 0
ae8 audiodg.exe 0 0 0
998 taskeng.exe 0 0 0
2c8 iexplore.exe 1 252 95 normal
cfc IEXPLORE.EXE 1 21 84 normal C:\Program Files (x86)\Internet Explorer
f4c IEXPLORE.EXE 1 58 69 normal C:\Program Files (x86)\Internet Explorer
5ec dllhost.exe 1 0 0
e54 dllhost.exe 0 0 0
d0c GamesDownloader.exe 1 179 79 normal C:\Program Files (x86)\Online Games Downloader
hardware:
+ Computer
- ACPI x64-based PC
+ Disk drives
- HUAWEI SD Storage USB Device
- ST3160021A ATA Device
- USB DISK 2.0 USB Device
+ Display adapters
- NVIDIA GeForce 9500 GT (Microsoft Corporation - WDDM v1.1) (driver 8.15.11.8593)
+ DVD/CD-ROM drives
- HUAWEI Mass Storage USB Device
+ Floppy disk drives
- Diskettenlaufwerk
+ Floppy drive controllers
- Standard-Diskettenlaufwerkcontroller
+ Human Interface Devices
- HID-konformer Gamecontroller
- USB-Eingabegerät
+ IDE ATA/ATAPI controllers
- ATA Channel 0
- ATA Channel 0
- ATA Channel 1
- ATA Channel 1
- Standard-Zweikanal-PCI-IDE-Controller
- Standard-Zweikanal-PCI-IDE-Controller
+ Keyboards
- Standardtastatur (PS/2)
+ Mice and other pointing devices
- Microsoft PS/2-Maus
+ Modems
- HUAWEI Mobile Connect - 3G Modem (driver 2.0.6.706)
+ Monitors
- PnP-Monitor (Standard)
+ Network adapters
- HUAWEI Mobile Connect - 3G Network Card (driver 6,0,1,279)
- NVIDIA nForce-Netzwerkcontroller
+ Portable Devices
- E:\
- UUI
+ Ports (COM & LPT)
- ECP-Druckeranschluss (LPT1)
- HUAWEI Mobile Connect - 3G Application Interface (COM4) (driver 2.0.6.706)
- HUAWEI Mobile Connect - 3G PC UI Interface (COM5) (driver 2.0.6.706)
- Kommunikationsanschluss (COM1)
+ Processors
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
- AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
+ Sound, video and game controllers
- High Definition Audio-Gerät
+ Storage volume shadow copies
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
- Standard-Volumeschattenkopie
+ System devices
- ACPI-Einschaltknopf
- ACPI-Schalter
- AMD DRAM und HyperTransport(tm)-Nachverfolgungsmoduskonfiguration
- AMD HyperTransport(tm)-Konfiguration
- AMD-Adresszuordnungskonfiguration
- Busenumerator für Verbundgeräte
- DMA-Controller
- Enumerator-Treiber für Microsoft Virtual Drive
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- Hauptplatinenressourcen
- High Definition Audio-Controller
- Logische Schnittstelle für Druckeranschluss
- Microsoft ACPI-konformes System
- Microsoft Windows-Verwaltungsschnittstelle für ACPI
- Microsoft-Systemverwaltungs-BIOS-Treiber
- Numerischer Coprozessor
- NVIDIA nForce PCI-Systemverwaltung
- PCI Standard-ISA-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-PCI-zu-PCI-Brücke
- PCI Standard-RAM-Controller
- PCI-Bus
- PnP-Softwaregeräte-Enumerator
- Programmierbarer Interruptcontroller
- Remote Desktop Device Redirector Bus
- Sonstige AMD-Konfiguration
- System CMOS/Echtzeituhr
- Systemlautsprecher
- Systemplatine
- Systemzeitgeber
- Terminalserver-Maustreiber
- Terminalserver-Tastaturtreiber
- Treiber für Datei-als-Volume
- UMBus-Stamm-Busenumerator
- UMBusenumerator
- UMBusenumerator
- Volume-Verwaltung
+ Universal Serial Bus controllers
- HUAWEI Mobile Connect - Bus Enumerate Device (driver 2.6.2.1605)
- Standard OpenHCD USB-Hostcontroller
- Standard OpenHCD USB-Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- Standard PCI-zu-USB erweiterter Hostcontroller
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Massenspeichergerät
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Root-Hub
- USB-Verbundgerät
disassembling:
[...]
00620534 test al, al
00620536 jz loc_62057f
00620538 59 lea ecx, [ebp-$2c]
0062053b mov edx, $62076c
00620540 mov eax, [ebp-$14]
00620543 > call -$197750 ($488df8) ; Registry.TRegistry.ReadString
00620548 mov eax, [ebp-$2c]
0062054b mov edx, $620784
00620550 call -$219869 ($406cec) ; System.@UStrEqual
00620555 jnz loc_62057a
00620557 lea ecx, [ebp-$30]
[...]
War ja auch einiges wieder an unerwünschter Software drauf. Mit freundlichen Grüßen, Dante Hasta Update: Nach dem ich Microsoft, Windows und Bill Gates tüchtig beschimpft habe, in allen mir verfügbaren Sprachen, wurden die 3 Updates nun doch korrekt anscheinend heruntergeladen und Installiert. Und Windows hat mir gerade noch mal eifrig mitgeteilt, dass nun alles gut wird. Aber warum muss man denn erst schimpfen? Update 2: Ich sehe, dass auf meinem PC Zone Alarm Free Firewall mit drauf ist. Eingesetzt habe ich das wohl noch nicht. Ist diese Firewall besser wie die von Microsoft, oder sollte ich Zone Firewall besser deinstallieren? Die letzte Frage habe ich mir gerade selber beantwortet. Zone Alarm Free Firewall hat mächtig viele Einschränkungen, die nur in den kostenpflichtigen teuren Versionen nicht vorhanden sind. Damit fliegt das mal gleich von der Platte runter. |
|
28.12.2014, 00:04
| #13 |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Ich würde Zone Alarm deinstallieren, WIndows Firewall reicht. Und den Ordner kannste einfach löschen. SOnst noch Probleme mit dem System?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.12.2014, 11:17
| #14 |
| | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf Ich würde sagen, aus einem relative instabilen System, wurde wieder ein recht stabiles System. Was aufgrund der vorhandenen Hardware natürlich kein Turbo sein kann. Wichtig war mir vor allem ein sauberes System, frei von unerwünschtem. Das hat Dank deiner tollen Hilfe ja geklappt. Das das Anfangsproblem "nur" eine defekte Datei war, wer hätte das Ahnen können. Ein Zahnrad ploppt auf und verschwindet sofort wieder. Das ist ja schon verdächtig. Trotzdem war mein System ja infiziert und dadurch vermutlich langsamer als gewollt. Windows hat ein Fehlerbenachrichtigungsdienst für Software. Den habe ich jetzt deaktiviert. Er nervt nur und bringt vermutlich 0 Lösungen. Wenn eines meiner Wald und Wiesen Spiel abstürzt, wird kein Microsoft Mitarbeiter schauen, wie da Abhilfe möglich wäre. Von Microsoft gibt es da eher 0 Hilfe. Eine gute Entscheidung? Es kostet immerhin wertvolle Ressourcen. Ich denke wir können dann hier zum Schluss kommen und langsam die Reste weg fegen. Ich sage auf jeden Fall schon mal...  |
|
28.12.2014, 19:30
| #15 |
| /// the machine /// TB-Ausbilder | Windows 7 64 Zahnrad taucht öfter in Taskleiste auf ja gute Entscheidung Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7 64 Zahnrad taucht öfter in Taskleiste auf |
| adobe, autorun, bho, browser, defender, explorer, firefox, format, internet, logfiles, malwarebytes, microsoft, nvidia, opera, pdf, programme, registry, scan, schutz, security, taskleiste, trojaner, trojaner board, windows, winlogon |
Linear-Darstellung
