Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Sicherheits-Center deaktiviert sich von selbst, dann Systemabsturz (https://www.trojaner-board.de/136257-sicherheits-center-deaktiviert-selbst-dann-systemabsturz.html)

Covenanter 09.06.2013 15:59
Sicherheits-Center deaktiviert sich von selbst, dann Systemabsturz
 
Guten Tag zusammen! Vielen Dank, dass ihr euch die Zeit nehmt, euch mit meinem kleinen Problem(?) zu befassen.

Ich habe in letzter Zeit keine Programme installiert oder fremde EXE-Dateien angeklickt, UAC ist an, Firefox hat einen Ad- und einen Scriptblocker, seht ihr ja sicher alles aus den Logs.

Einziges Symptom ist/war folgendes: Ich habe in World of Tanks (Fenstermodus) mehr oder weniger rumge-idle-t, da geht ein SysTray-Balloon auf, der mir sagt, dass das Sicherheits-Center deaktiviert ist. Ich habe also drauf geklickt, um den Dienst neu zu starten, da kam eine Fehlermeldung, dass der Dienst nicht gestartet werden konnte. Noch zweimal wiederholt, man ist ja hartnäckig, aber ohne Erfolg. Ich beendete also WoT und wollte dem Problem gerade näher auf den Grund gehen (bis hierhin war ca. 1 Minute vergangen), da stürzt mein System komplett ab: Schwarzer Bildschirm und dann BIOS, normaler Bootvorgang.

Netzwerkkabel entfernt, Bootvorgang fortgesetzt. In Windows angemeldet, sah alles normal aus. Dienstmanager gestartet, um mal nach dem Rechten zu schauen. Folgende Dienste stehen auf Startart "Automatisch", waren aber nicht gestartet:
- Sicherheits-Center
- Windows Defender
- Windows Zeitgeber (liegt laut Ereignisanzeige an der fehlenden Netzwerkverbindung, leuchtet ja auch ein)

O. g. Dienste ohne Zwischenfall manuell gestartet. Nach dem Neustart hat mich Sicherheits-Center informiert, dass Automatische Updates deaktiviert sind (automatisch Suchen, aber manuell installieren). Bin ziemlich sicher, dass die normalerweise auf "automatisch installieren" stehen. Letzte Updates waren jedenfalls von gestern Nacht, und die habe ich ganz sicher nicht manuell gestartet. Netzwerkverbindung wiederhergestellt, und Updates erfolgreich 12 wichtige Updates installieren lassen, dann System wie gewünscht neu gestartet. Die o.g. Dienste wurden nach diesem Neustart, und allen weiteren, auch tatsächlich automatisch hochgezogen.

HijackThis runtergeladen und ausgeführt. Log wollt ihr hier ja nicht sehen, sah aber erstmal unspektakulär aus.

MalwareBytes' Anti-Malware runtergeladen und installiert, keine infizierten Objekte gefunden. Wieder deinstalliert.

Tools (defogger, OLT, GMER) runtergeladen und genau nach Anleitung ausgeführt. Beim ersten Durchlauf von GMER ist das System eingefroren, der zweite lief (nach Neustart, versteht sich) durch. Beim Start von GMER kam die Meldung, dass auf "c:\Windows\System32\config\system" nicht zugegriffen werden konnte, weil die Datei von einem anderen Prozess verwendet wird. Während des Scans kam noch einmal die gleiche Meldung, und noch eine für die Datei "C:\Users\CeeDub\ntuser.dat".

Ansonsten hatte ich bis jetzt keine Schwierigkeiten. Besteht noch Grund zur Sorge?

Vielen Dank für eure Hilfe!


OTL.TXT:
Code:
OTL logfile created on: 2013-06-09 15:06:11 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\CeeDub\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
4,00 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,50% Memory free
7,99 Gb Paging File | 6,60 Gb Available in Paging File | 82,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 490,22 Gb Free Space | 35,09% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 14,81 Gb Total Space | 5,78 Gb Free Space | 39,05% Space Free | Partition Type: FAT32
Drive H: | 7,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ISIS | User Name: CeeDub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-06-09 13:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-05-21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010-05-21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010-05-21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010-05-21 01:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010-05-21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009-11-20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013-05-24 21:06:53 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-02-26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-11-09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-05-21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010-05-21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010-05-21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010-05-21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010-05-07 01:47:36 | 000,523,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2010-04-27 17:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-31 07:03:12 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009-03-30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009-03-30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008-07-10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-05-09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-05-09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-05-09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-05-09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-05-09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-05-09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-05-09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-05-09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-07 22:31:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-05-21 01:57:12 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010-05-21 01:57:08 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010-05-21 01:57:04 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010-05-21 01:55:04 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010-05-21 01:54:52 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010-05-21 00:40:12 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010-05-20 22:19:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010-05-20 22:19:18 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010-05-20 22:19:18 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009-11-20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009-11-20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2010-04-27 17:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 B6 C0 75 9A 00 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B5e594888-3e8e-47da-b2c6-b0b545112f84%7D:1.3.13
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.3
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-24 21:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-05-15 19:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-24 21:06:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-05-15 19:26:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012-10-10 20:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Extensions
[2012-10-10 20:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013-05-29 07:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions
[2012-10-10 20:40:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013-05-29 07:27:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-12-28 23:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions
[2012-12-28 23:09:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012-12-28 23:09:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-12-28 23:09:31 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\twitternotifier@naan.net
[2013-02-06 08:18:57 | 000,080,640 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
[2013-05-26 08:34:44 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013-05-08 18:15:39 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-11-07 08:31:41 | 000,080,384 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
[2012-12-18 07:46:44 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-23 23:26:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008-06-19 19:06:05 | 000,000,908 | ---- | M] () -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\searchplugins\imdb.xml
[2008-06-25 18:26:21 | 000,001,108 | ---- | M] () -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\searchplugins\wikipedia-en.xml
[2013-05-24 21:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-05-24 21:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-24 21:06:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe (Greenshot)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\CeeDub\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheUsualSuspects.lnk = C:\Program Files (x86)\TheUsualSuspects.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F520D9-ABB9-4720-8A4E-5DE03CDE787D}: NameServer = 172.16.19.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-06-09 14:04:52 | 026,957,289 | ---- | C] (Igor Pavlov) -- C:\Users\CeeDub\Documents\tor-browser-2.3.25-8_en-US.exe
[2013-06-09 13:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
[2013-06-09 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\CeeDub\AppData\Roaming\Malwarebytes
[2013-06-09 12:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-05-24 21:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-15 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-06-09 15:04:45 | 000,001,990 | -H-- | M] () -- C:\Users\CeeDub\Documents\Default.rdp
[2013-06-09 15:03:35 | 000,000,000 | ---- | M] () -- C:\Users\CeeDub\defogger_reenable
[2013-06-09 14:54:22 | 000,377,856 | ---- | M] () -- C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
[2013-06-09 14:52:46 | 000,050,477 | ---- | M] () -- C:\Users\CeeDub\Desktop\Defogger.exe
[2013-06-09 14:09:35 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-09 14:09:35 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-09 14:05:25 | 026,957,289 | ---- | M] (Igor Pavlov) -- C:\Users\CeeDub\Documents\tor-browser-2.3.25-8_en-US.exe
[2013-06-09 14:00:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-09 14:00:51 | 3219,267,584 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-09 13:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
[2013-06-09 13:12:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-06-09 12:25:51 | 000,369,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-21 01:08:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-21 01:08:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-06-09 15:03:35 | 000,000,000 | ---- | C] () -- C:\Users\CeeDub\defogger_reenable
[2013-06-09 14:54:21 | 000,377,856 | ---- | C] () -- C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
[2013-06-09 14:52:45 | 000,050,477 | ---- | C] () -- C:\Users\CeeDub\Desktop\Defogger.exe
[2013-06-09 13:12:54 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-06-09 13:12:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-06-09 12:00:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-06-09 11:59:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-05-21 01:08:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-21 01:08:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-04-13 14:04:34 | 000,002,104 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\recently-used.xbel
[2012-11-05 22:03:22 | 000,000,000 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\debuggee.mdmp
[2012-10-20 11:53:07 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-10-20 11:53:07 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-10-11 01:17:25 | 000,208,384 | ---- | C] () -- C:\Program Files (x86)\ShutdownTimer.exe
[2012-10-10 00:48:29 | 000,006,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-10-09 19:56:03 | 000,003,584 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-09 18:48:55 | 000,000,658 | ---- | C] () -- C:\Program Files (x86)\TheUsualSuspects.bat
[2012-10-09 18:48:55 | 000,000,064 | ---- | C] () -- C:\Program Files (x86)\WhatsMyIP.bat
[2012-10-08 00:27:55 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-10-07 23:15:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-10-09 22:43:43 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\BatMail
[2013-03-03 16:19:39 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\calibre
[2012-10-13 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Canneverbe Limited
[2012-10-09 21:33:05 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Esperanto
[2013-05-20 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\EVA
[2012-10-09 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\GHISLER
[2013-04-16 13:17:32 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Greenshot
[2012-10-09 20:19:09 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Helios
[2013-03-26 00:02:55 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\IrfanView
[2012-10-09 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Jubilation
[2012-10-09 20:25:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\LibreOffice
[2012-10-09 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Miranda
[2012-11-01 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\mp3DirectCut
[2012-10-09 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Notepad++
[2013-03-09 10:52:19 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\PassWordSafe
[2013-05-20 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\PWD
[2012-10-09 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Spacejock Software
[2012-12-05 22:17:02 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\SumatraPDF
[2012-12-16 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\TeamViewer
[2012-10-21 17:54:12 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thumbnail me
[2012-10-09 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thunderbird
[2013-04-09 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thunderbird.sic
[2012-10-11 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\TrueCrypt
[2012-10-24 01:12:42 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\USBSafelyRemove
[2013-01-23 21:41:09 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
ETA: Ich konnte nicht alle Logs als Code posten (zu lang), deshalb habe ich ausnahmsweise auch ohne Anfrage von einem Helfer ein 7z-Archiv hochgeladen. Ich hoffe, das ist okay.

schrauber 09.06.2013 16:40
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Covenanter 09.06.2013 17:34
FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by CeeDub (administrator) on 09-06-2013 18:22:07
Running from C:\Users\CeeDub\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
() C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(SourceForge.net) C:\Program Files (x86)\PassWordSafe\pwsafe.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe [462848 2012-10-30] (Greenshot)
HKCU\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1516496 2012-10-07] (TrueCrypt Foundation)
HKCU\...\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup [1498448 2010-05-07] ()
HKCU\...\Run: [SkyDrive] "C:\Users\CeeDub\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [257136 2013-06-03] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129584 2010-05-21] (VMware, Inc.)
Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheUsualSuspects.lnk
ShortcutTarget: TheUsualSuspects.lnk -> C:\Program Files (x86)\TheUsualSuspects.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346672] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346672] (VMware, Inc.)
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446512] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446512] (VMware, Inc.)
Tcpip\..\Interfaces\{00F520D9-ABB9-4720-8A4E-5DE03CDE787D}: [NameServer]172.16.19.1

FireFox:
========
FF ProfilePath: C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Extension: EPUBReader - C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
FF Extension: No Name - C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-04-27] (VMware, Inc.)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [523576 2010-05-07] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-05-21] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-04-27] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-04-27] (VMware, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 18:20 - 2013-06-09 18:20 - 00000000 ____D C:\FRST
2013-06-09 17:56 - 2013-06-09 17:54 - 01919988 ____A (Farbar) C:\Users\CeeDub\Desktop\FRST64.exe
2013-06-09 16:57 - 2013-06-09 16:57 - 00022698 ____A C:\Users\CeeDub\Documents\Logs.7z
2013-06-09 15:03 - 2013-06-09 15:03 - 00000474 ____A C:\Users\CeeDub\Desktop\defogger_disable.log
2013-06-09 15:03 - 2013-06-09 15:03 - 00000000 ____A C:\Users\CeeDub\defogger_reenable
2013-06-09 14:54 - 2013-06-09 14:54 - 00377856 ____A C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
2013-06-09 14:52 - 2013-06-09 14:52 - 00050477 ____A C:\Users\CeeDub\Desktop\Defogger.exe
2013-06-09 14:04 - 2013-06-09 14:05 - 26957289 ____A (Igor Pavlov) C:\Users\CeeDub\Documents\tor-browser-2.3.25-8_en-US.exe
2013-06-09 13:35 - 2013-06-09 13:35 - 00602112 ____A (OldTimer Tools) C:\Users\CeeDub\Desktop\OTL.exe
2013-06-09 13:12 - 2013-05-09 10:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-09 13:12 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-09 12:32 - 2013-06-09 12:32 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\Malwarebytes
2013-06-09 12:31 - 2013-06-09 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-09 12:00 - 2012-07-26 06:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-06-09 12:00 - 2012-07-26 06:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-06-09 12:00 - 2012-07-26 04:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-06-09 12:00 - 2012-06-02 16:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-06-09 11:59 - 2012-07-26 05:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-06-09 11:59 - 2012-07-26 05:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-06-09 11:59 - 2012-07-26 05:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-06-09 11:59 - 2012-07-26 05:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-06-09 11:59 - 2012-07-26 05:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-06-09 11:59 - 2012-07-26 04:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-06-09 11:59 - 2012-07-26 04:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-06-09 11:59 - 2012-06-02 16:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-06-09 11:56 - 2012-12-07 15:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-06-09 11:56 - 2012-12-07 15:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-06-09 11:56 - 2012-12-07 14:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-06-09 11:56 - 2012-12-07 14:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-06-09 11:56 - 2012-12-07 13:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-06-09 11:56 - 2012-12-07 13:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-06-09 11:56 - 2012-12-07 13:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-06-09 11:56 - 2012-12-07 12:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-06-09 11:55 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-09 11:55 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-09 11:55 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-09 11:55 - 2012-11-30 07:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-06-09 11:55 - 2012-11-30 07:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-06-09 11:55 - 2012-11-30 07:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-06-09 11:55 - 2012-11-30 07:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-06-09 11:55 - 2012-11-30 07:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-09 11:55 - 2012-11-30 07:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-09 11:55 - 2012-11-30 06:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 05:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-06-09 11:55 - 2012-11-30 04:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 04:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 04:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 04:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-06-09 11:55 - 2012-11-30 01:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-06-09 11:55 - 2012-11-30 01:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-06-09 11:55 - 2012-11-22 07:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-06-09 11:55 - 2012-11-22 06:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-06-09 11:55 - 2012-10-09 20:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-06-09 11:55 - 2012-10-09 20:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-06-09 11:55 - 2012-10-09 19:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-06-09 11:55 - 2012-10-09 19:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-06-09 11:55 - 2012-10-03 19:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-06-09 11:55 - 2012-10-03 19:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-06-09 11:55 - 2012-10-03 19:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-06-09 11:55 - 2012-10-03 19:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-06-09 11:55 - 2012-10-03 19:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-06-09 11:55 - 2012-10-03 19:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-06-09 11:55 - 2012-10-03 18:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-06-09 11:55 - 2012-10-03 18:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-06-09 11:55 - 2012-10-03 18:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-06-09 11:55 - 2012-10-03 18:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-06-09 11:55 - 2012-01-13 09:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-06-09 10:55 - 2013-06-09 10:55 - 00074696 ____A C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-09 10:55 - 2013-06-09 10:55 - 00000020 __ASH C:\Users\root\ntuser.ini
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Vorlagen
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Startmenü
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Netzwerkumgebung
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Lokale Einstellungen
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Eigene Dateien
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Druckumgebung
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Documents\Eigene Musik
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Documents\Eigene Bilder
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\AppData\Local\Verlauf
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\AppData\Local\Anwendungsdaten
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Anwendungsdaten
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Roaming\Greenshot
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Roaming\Adobe
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Local\VirtualStore
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Local\Greenshot
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\users\root
2013-05-25 23:18 - 2013-05-25 23:19 - 51797504 ____A C:\Users\CeeDub\Documents\calibre-0.9.32.msi
2013-05-24 21:06 - 2013-05-24 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 01:08 - 2013-05-21 01:08 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-21 01:08 - 2013-05-21 01:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-21 01:08 - 2013-05-21 01:08 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-21 01:08 - 2013-05-21 01:08 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-21 01:08 - 2013-05-21 01:08 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-21 01:08 - 2013-05-21 01:08 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-21 01:08 - 2013-05-21 01:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-21 01:08 - 2013-05-21 01:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-21 01:08 - 2013-05-21 01:08 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-21 01:08 - 2013-05-21 01:08 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-21 01:08 - 2013-05-21 01:08 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-21 01:06 - 2013-05-21 01:06 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-21 01:00 - 2013-05-21 01:12 - 00010950 ____A C:\Windows\IE10_main.log
2013-05-20 08:42 - 2013-05-20 08:42 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\PWD
2013-05-15 19:26 - 2013-05-16 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 18:42 - 2013-05-15 18:53 - 26957289 ____A (Igor Pavlov) C:\Users\CeeDub\Downloads\tor-browser-2.3.25-8_en-US.exe
2013-05-15 18:05 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 18:05 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 18:05 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 18:05 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 18:05 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 18:05 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 18:05 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 18:05 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 18:05 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 18:05 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 18:05 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 18:04 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-09 18:20 - 2013-06-09 18:20 - 00000000 ____D C:\FRST
2013-06-09 18:16 - 2012-10-09 22:30 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\Skype
2013-06-09 17:58 - 2009-07-14 06:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-09 17:58 - 2009-07-14 06:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-09 17:55 - 2012-10-09 20:20 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\vlc
2013-06-09 17:54 - 2013-06-09 17:56 - 01919988 ____A (Farbar) C:\Users\CeeDub\Desktop\FRST64.exe
2013-06-09 16:57 - 2013-06-09 16:57 - 00022698 ____A C:\Users\CeeDub\Documents\Logs.7z
2013-06-09 16:01 - 2012-11-26 18:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-09 16:01 - 2012-11-13 22:42 - 00000000 ____D C:\ProgramData\VMware
2013-06-09 16:01 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 16:01 - 2009-07-14 06:51 - 00051540 ____A C:\Windows\setupact.log
2013-06-09 15:55 - 2012-10-07 22:05 - 01383455 ____A C:\Windows\WindowsUpdate.log
2013-06-09 15:05 - 2013-02-12 02:12 - 00000000 ___RD C:\Users\CeeDub\SkyDrive
2013-06-09 15:04 - 2012-10-08 00:40 - 00001990 ___AH C:\Users\CeeDub\Documents\Default.rdp
2013-06-09 15:03 - 2013-06-09 15:03 - 00000474 ____A C:\Users\CeeDub\Desktop\defogger_disable.log
2013-06-09 15:03 - 2013-06-09 15:03 - 00000000 ____A C:\Users\CeeDub\defogger_reenable
2013-06-09 15:03 - 2012-10-07 22:14 - 00000000 ____D C:\users\CeeDub
2013-06-09 14:54 - 2013-06-09 14:54 - 00377856 ____A C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
2013-06-09 14:52 - 2013-06-09 14:52 - 00050477 ____A C:\Users\CeeDub\Desktop\Defogger.exe
2013-06-09 14:05 - 2013-06-09 14:04 - 26957289 ____A (Igor Pavlov) C:\Users\CeeDub\Documents\tor-browser-2.3.25-8_en-US.exe
2013-06-09 13:35 - 2013-06-09 13:35 - 00602112 ____A (OldTimer Tools) C:\Users\CeeDub\Desktop\OTL.exe
2013-06-09 13:12 - 2012-10-09 21:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-09 12:32 - 2013-06-09 12:32 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\Malwarebytes
2013-06-09 12:31 - 2013-06-09 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-09 12:27 - 2012-10-09 20:01 - 00075152 ____A C:\Users\CeeDub\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-09 12:25 - 2009-07-14 06:45 - 00369152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-09 10:58 - 2012-10-07 22:14 - 00000000 ____D C:\Users\CeeDub\AppData\Local\VirtualStore
2013-06-09 10:55 - 2013-06-09 10:55 - 00074696 ____A C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-09 10:55 - 2013-06-09 10:55 - 00000020 __ASH C:\Users\root\ntuser.ini
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Vorlagen
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Startmenü
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Netzwerkumgebung
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Lokale Einstellungen
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Eigene Dateien
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Druckumgebung
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Documents\Eigene Musik
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Documents\Eigene Bilder
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\AppData\Local\Verlauf
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\AppData\Local\Anwendungsdaten
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 __SHD C:\Users\root\Anwendungsdaten
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Roaming\Greenshot
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Roaming\Adobe
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Local\VirtualStore
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\Users\root\AppData\Local\Greenshot
2013-06-09 10:55 - 2013-06-09 10:55 - 00000000 ____D C:\users\root
2013-06-09 00:12 - 2012-10-09 20:45 - 00000000 ____D C:\Users\CeeDub\dwhelper
2013-06-08 18:02 - 2012-10-09 18:25 - 00000000 ____D C:\Users\CeeDub\Documents\PhotoShop
2013-06-06 20:39 - 2012-10-10 00:19 - 00000000 ____D C:\Users\CeeDub\Documents\SQL Server Management Studio
2013-06-06 19:54 - 2012-10-09 19:21 - 00000000 ____D C:\Users\CeeDub\AppData\Local\MediaMonkey
2013-06-05 23:36 - 2013-06-05 23:33 - 99126252 ____A C:\Users\CeeDub\Documents\CreatingCompileFormatSmall.mov
2013-06-02 02:23 - 2012-11-14 01:18 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\VMware
2013-06-02 02:23 - 2012-11-14 01:18 - 00000000 ____D C:\Users\CeeDub\AppData\Local\VMware
2013-05-31 20:30 - 2013-03-23 01:27 - 00000000 ____D C:\Users\CeeDub\Documents\Scrivener
2013-05-26 23:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-25 23:19 - 2013-05-25 23:18 - 51797504 ____A C:\Users\CeeDub\Documents\calibre-0.9.32.msi
2013-05-25 20:37 - 2012-10-07 22:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 21:06 - 2013-05-24 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-21 01:12 - 2013-05-21 01:00 - 00010950 ____A C:\Windows\IE10_main.log
2013-05-21 01:08 - 2013-05-21 01:08 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-21 01:08 - 2013-05-21 01:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-21 01:08 - 2013-05-21 01:08 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-21 01:08 - 2013-05-21 01:08 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-21 01:08 - 2013-05-21 01:08 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-21 01:08 - 2013-05-21 01:08 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-21 01:08 - 2013-05-21 01:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-21 01:08 - 2013-05-21 01:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-21 01:08 - 2013-05-21 01:08 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-21 01:08 - 2013-05-21 01:08 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-21 01:08 - 2013-05-21 01:08 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-21 01:08 - 2013-05-21 01:08 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-21 01:08 - 2013-05-21 01:08 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-21 01:06 - 2013-05-21 01:06 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-21 01:06 - 2013-05-21 01:06 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 08:42 - 2013-05-20 08:42 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\PWD
2013-05-20 08:42 - 2012-10-10 01:13 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\EVA
2013-05-20 07:58 - 2012-10-10 00:51 - 00000000 ____D C:\Users\CeeDub\Documents\Visual Studio 2010
2013-05-16 17:45 - 2013-05-15 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-16 00:31 - 2012-10-07 22:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 18:53 - 2013-05-15 18:42 - 26957289 ____A (Igor Pavlov) C:\Users\CeeDub\Downloads\tor-browser-2.3.25-8_en-US.exe
2013-05-11 14:06 - 2012-10-09 21:00 - 00000000 ____D C:\Users\CeeDub\AppData\Roaming\dvdcss

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-04 18:01

==================== End Of Log ============================
Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2013
Ran by CeeDub at 2013-06-09 18:23:01 Run:
Running from C:\Users\CeeDub\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
avast! Free Antivirus (Version: 8.0.1489.0)
calibre (Version: 0.9.12)
CDBurnerXP (Version: 4.3.8.2523)
Curse Client (Version: 4.0.1.286)
GIMP 2.8.2 (Version: 2.8.2)
Greenshot 1.0.6.2228 (Version: 1.0.6.2228)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
IrfanView (remove only) (Version: 4.32)
K-Lite Codec Pack 9.3.0 (Standard) (Version: 9.3.0)
Kurso de Esperanto 4 (Version: 4.1.1)
LibreOffice 3.6 (Version: 3.6.2.2)
MagicDisc 2.7.106
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft SkyDrive (Version: 17.0.2010.0530)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Management Studio (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008-Richtlinien (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch) (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C# 2010 Express - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Miranda IM 0.10.4 (Version: 0.10.4)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0)
Notepad++ (Version: 5.6.7)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
Scrivener Update (Version: 1570)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Sigil 0.6.2
Skype™ 6.0 (Version: 6.0.126)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SumatraPDF
TextPad 5 (Version: 5.3.1)
Thumbnail me 3.0
tools-freebsd (Version: 8.4.2.12623)
tools-linux (Version: 8.4.2.12623)
tools-netware (Version: 8.4.2.12623)
tools-solaris (Version: 8.4.2.12623)
tools-windows (Version: 8.4.2.12623)
tools-winPre2k (Version: 8.4.2.12623)
TrueCrypt (Version: 7.1a)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2531.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
USB Safely Remove 4.3
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0)
VLC media player 2.0.3 (Version: 2.0.3)
VMware Workstation (Version: 7.1.0.12623)
World of Tanks
World of Warcraft (Version: 5.2.0.16769)
Xvid Video Codec (Version: 1.3.2)
yWriter5

==================== Restore Points  =========================

06-06-2013 21:36:08 Geplanter Prüfpunkt
07-06-2013 22:28:29 Windows Update
09-06-2013 09:56:47 Windows Update

==================== Faulty Device Manager Devices =============

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2013 04:01:56 PM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 03:49:20 PM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 02:02:03 PM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 00:26:53 PM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 10:47:50 AM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 10:03:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_RpcEptMapper, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000007764000a
ID des fehlerhaften Prozesses: 0x3e4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_RpcEptMapper0
Pfad der fehlerhaften Anwendung: svchost.exe_RpcEptMapper1
Pfad des fehlerhaften Moduls: svchost.exe_RpcEptMapper2
Berichtskennung: svchost.exe_RpcEptMapper3

Error: (06/09/2013 09:29:17 AM) (Source: vmauthd) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 00:38:53 AM) (Source: Application Hang) (User: )
Description: Programm TOTALCMD.EXE, Version 7.5.5.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8b4

Startzeit: 01ce646a03099c77

Endzeit: 315

Anwendungspfad: C:\totalcmd\TOTALCMD.EXE

Berichts-ID: 2f0afdf0-d08c-11e2-a358-005056c00008

Error: (06/09/2013 00:17:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.3.0, Zeitstempel: 0x5007ce85
Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.3.0, Zeitstempel: 0x5007ce85
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000016d5
ID des fehlerhaften Prozesses: 0x15dc
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (06/08/2013 10:48:15 PM) (Source: Application Hang) (User: )
Description: Programm TOTALCMD.EXE, Version 7.5.5.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: eb4

Startzeit: 01ce64022c9fac11

Endzeit: 340

Anwendungspfad: c:\totalcmd\TOTALCMD.EXE

Berichts-ID: bb5db43d-d07c-11e2-a358-005056c00008


System errors:
=============
Error: (06/09/2013 03:48:28 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?09.?06.?2013 um 15:47:00 unerwartet heruntergefahren.

Error: (06/09/2013 10:52:53 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/09/2013 10:49:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/09/2013 10:49:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/09/2013 10:03:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Remoteprozeduraufruf (RPC)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Error: (06/09/2013 10:03:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RPC-Endpunktzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/09/2013 09:31:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/09/2013 09:31:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/09/2013 01:08:22 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.

Error: (06/08/2013 06:41:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (06/09/2013 04:01:56 PM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 03:49:20 PM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 02:02:03 PM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 00:26:53 PM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 10:47:50 AM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 10:03:37 AM) (Source: Application Error)(User: )
Description: svchost.exe_RpcEptMapper6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000007764000a3e401ce64e2de3f4e39C:\Windows\system32\svchost.exeunknown162d3fef-d0db-11e2-8685-005056c00008

Error: (06/09/2013 09:29:17 AM) (Source: vmauthd)(User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (06/09/2013 00:38:53 AM) (Source: Application Hang)(User: )
Description: TOTALCMD.EXE7.5.5.18b401ce646a03099c77315C:\totalcmd\TOTALCMD.EXE2f0afdf0-d08c-11e2-a358-005056c00008

Error: (06/09/2013 00:17:21 AM) (Source: Application Error)(User: )
Description: vlc.exe2.0.3.05007ce85vlc.exe2.0.3.05007ce85c0000005000016d515dc01ce6495f04decfaC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exe2fe4d281-d089-11e2-a358-005056c00008

Error: (06/08/2013 10:48:15 PM) (Source: Application Hang)(User: )
Description: TOTALCMD.EXE7.5.5.1eb401ce64022c9fac11340c:\totalcmd\TOTALCMD.EXEbb5db43d-d07c-11e2-a358-005056c00008


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 4093.51 MB
Available physical RAM: 2796.06 MB
Total Pagefile: 8185.21 MB
Available Pagefile: 6683.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:490.42 GB) NTFS (Disk=0 Partition=2)
Drive d: (Neu) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.81 GB) (Free:5.78 GB) FAT32 (Disk=1 Partition=1)
Drive h: (Disc) (CDROM) (Total:7.18 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 00AA00AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-698828718080) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 09.06.2013 18:21
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Covenanter 09.06.2013 20:25
Code:
ComboFix 13-06-08.02 - CeeDub 2013-06-09  21:07:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4094.2297 [GMT 2:00]
ausgeführt von:: c:\users\CeeDub\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-09 bis 2013-06-09  ))))))))))))))))))))))))))))))
.
.
2013-06-09 19:13 . 2013-06-09 19:13        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-09 19:13 . 2013-06-09 19:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-09 16:20 . 2013-06-09 16:20        --------        d-----w-        C:\FRST
2013-06-09 11:12 . 2013-05-09 08:59        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-06-09 11:12 . 2013-05-09 08:59        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-06-09 10:32 . 2013-06-09 10:32        --------        d-----w-        c:\users\CeeDub\AppData\Roaming\Malwarebytes
2013-06-09 10:31 . 2013-06-09 10:31        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-09 10:00 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-06-09 10:00 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-06-09 10:00 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2013-06-09 10:00 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2013-06-09 09:59 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2013-06-09 09:59 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2013-06-09 09:59 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll
2013-06-09 09:59 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2013-06-09 09:59 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe
2013-06-09 09:59 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll
2013-06-09 09:59 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2013-06-09 09:55 . 2012-11-30 05:41        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2013-06-09 08:55 . 2013-06-09 08:55        --------        d-----w-        c:\users\root
2013-06-07 22:29 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FAF627E-C05C-46C1-8AB3-88277A05B613}\mpengine.dll
2013-05-20 23:06 . 2013-05-20 23:06        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 06:42 . 2013-05-20 06:42        --------        d-----w-        c:\users\CeeDub\AppData\Roaming\PWD
2013-05-15 17:26 . 2013-05-16 15:45        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-05-15 16:05 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 16:05 . 2013-04-10 06:01        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:05 . 2011-02-03 11:25        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 16:05 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-05-15 16:05 . 2013-02-27 05:52        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-05-15 16:05 . 2013-02-27 05:48        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-05-15 16:05 . 2013-02-27 06:02        111448        ----a-w-        c:\windows\system32\consent.exe
2013-05-15 16:05 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-05-15 16:05 . 2013-02-27 05:47        70144        ----a-w-        c:\windows\system32\appinfo.dll
2013-05-15 16:04 . 2013-04-10 03:30        3153920        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-06 07:37 . 2012-10-09 16:48        221184        ----a-w-        c:\program files (x86)\Jubilation.exe
2013-06-06 07:23 . 2012-10-10 23:17        208384        ----a-w-        c:\program files (x86)\ShutdownTimer.exe
2013-05-15 22:31 . 2012-10-07 20:48        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-09 08:59 . 2012-10-09 19:54        378432        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-10-09 19:53        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-10-09 19:53        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-10-09 19:53        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-10-09 19:54        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-10-09 19:53        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-10-09 19:50        41664        ----a-w-        c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-10-09 19:53        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-10-07 20:41        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-14 18:42 . 2012-10-10 21:45        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 18:42 . 2012-10-10 21:45        691592        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49 . 2013-06-09 09:55        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-09 09:55        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-09 09:55        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-09 09:55        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-09 09:55        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-09 09:55        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 15:40        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 00:33        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 00:33        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 00:33        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 00:33        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 00:33        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 00:33        112640        ----a-w-        c:\windows\system32\smss.exe
2012-11-22 16:21 . 2012-10-09 16:48        658        ----a-w-        c:\program files (x86)\TheUsualSuspects.bat
2011-01-05 10:01 . 2012-10-09 16:48        64        ----a-w-        c:\program files (x86)\WhatsMyIP.bat
2006-05-19 12:13 . 2012-10-12 18:25        167936        ----a-w-        c:\program files (x86)\Tail.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-03 18:40        222832        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-03 18:40        222832        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-03 18:40        222832        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-10-07 1516496]
"USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2010-05-06 1498448]
"SkyDrive"="c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-03 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-05-20 129584]
.
c:\users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-10-9 576000]
TheUsualSuspects.lnk - c:\program files (x86)\TheUsualSuspects.bat [2012-10-9 658]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe;c:\program files (x86)\USB Safely Remove\USBSRService.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-03 18:40        261744        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-03 18:40        261744        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-03 18:40        261744        ----a-w-        c:\users\CeeDub\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2012-10-30 462848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{00F520D9-ABB9-4720-8A4E-5DE03CDE787D}: NameServer = 172.16.19.1
FF - ProfilePath - c:\users\CeeDub\AppData\Roaming\Mozilla\Firefox\Profiles\73d2a0ts.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-09  21:16:02
ComboFix-quarantined-files.txt  2013-06-09 19:16
.
Vor Suchlauf: 11 Verzeichnis(se), 526.376.595.456 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 528.932.687.872 Bytes frei
.
- - End Of File - - DEFCA659339316A05797EFB4CB3C760D
422AF79487A55C27CE4BFD48D84CE830
ComboFix-quarantined-files.txt:
Code:
2013-06-09 19:14:55 . 2013-06-09 19:14:55              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-06-09 19:12:01 . 2013-06-09 19:12:01            5,607 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-09 19:05:44 . 2013-06-09 19:05:44              51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
Hinweis 1: Nach Ausführung war Firefox nicht mehr mein Standardbrowser. Nach Ausführung war Firefox nicht mehr mein Standardbrowser. Habe das durch FF korrigieren lassen.
Hinweis 2: Es wurde kein Neustart durchgeführt oder verlangt.

schrauber 10.06.2013 06:49
Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.

Covenanter 10.06.2013 17:05
Code:
Farbar Service Scanner Version: 31-05-2013 01
Ran by CeeDub (administrator) on 10-06-2013 at 18:03:59
Running from "C:\Users\CeeDub\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

schrauber 10.06.2013 18:32
Öhm, immer noch Stress mit dem Sicherheitscenter?

Covenanter 10.06.2013 18:50
Nein, immer noch alles wie gewohnt. Haben die Logs denn irgendwelche Probleme aufgezeigt? Kann ich die Emulator-Treiber mit defogger wieder aktivieren?

schrauber 10.06.2013 19:29
Zitat:
Nein, immer noch alles wie gewohnt.
Das widerspricht sich irgendwie :D

Gibt es noch Probleme, ja oder nein?

Covenanter 10.06.2013 19:35
Nein, ich habe aktuell keine Probleme.

Haben die Tools denn überhaupt irgendwas zum Vorschein gebracht? Muss ich noch irgendwas tun? Etwas deinstallieren, säubern, etc.? Darf ich die Treiber wieder aktivieren?

schrauber 10.06.2013 19:37
Combofix hat bissl was gerichtet an Diensten. Wir löschen alles wenn wir fertig sind, ich hätt noch gerne einen Onlinescan.

Erst dann wieder Defogger.

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log, dann sind wir fertig :)

Covenanter 10.06.2013 21:09
Code:
Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 11.7.700.169 
 Mozilla Firefox (21.0)
 Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
OTL logfile created on: 2013-06-10 21:10:55 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\CeeDub\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,03% Memory free
7,99 Gb Paging File | 6,54 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 489,09 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 7,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ISIS | User Name: CeeDub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-06-09 13:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-07-07 08:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010-05-21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010-05-21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010-05-21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010-05-21 01:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010-05-21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010-02-21 19:40:02 | 001,318,912 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2009-11-20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010-07-07 08:55:10 | 000,165,376 | ---- | M] () -- C:\totalcmd\UNRAR.DLL
MOD - [2010-07-07 08:55:10 | 000,123,536 | ---- | M] () -- C:\totalcmd\WCMZIP32.DLL
MOD - [2007-08-05 03:10:52 | 000,250,368 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013-05-24 21:06:53 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-02-26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-11-09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-05-21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010-05-21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010-05-21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010-05-21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010-05-07 01:47:36 | 000,523,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2010-04-27 17:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-31 07:03:12 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009-03-30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009-03-30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008-07-10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-05-09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-05-09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-05-09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-05-09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-05-09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-05-09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-05-09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-05-09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-07 22:31:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-05-21 01:57:12 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010-05-21 01:57:08 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010-05-21 01:57:04 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010-05-21 01:55:04 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010-05-21 01:54:52 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010-05-21 00:40:12 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010-05-20 22:19:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010-05-20 22:19:18 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010-05-20 22:19:18 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009-11-20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009-11-20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2010-04-27 17:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 B6 C0 75 9A 00 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B5e594888-3e8e-47da-b2c6-b0b545112f84%7D:1.3.13
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.3
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-24 21:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-05-15 19:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-24 21:06:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-05-15 19:26:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012-10-10 20:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Extensions
[2012-10-10 20:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013-05-29 07:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions
[2012-10-10 20:40:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013-05-29 07:27:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-12-28 23:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions
[2012-12-28 23:09:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012-12-28 23:09:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-12-28 23:09:31 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\CeeDub\AppData\Roaming\mozilla\Firefox\Profiles\73d2a0ts.default.sic\extensions\twitternotifier@naan.net
[2013-02-06 08:18:57 | 000,080,640 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
[2013-05-26 08:34:44 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013-05-08 18:15:39 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-11-07 08:31:41 | 000,080,384 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
[2012-12-18 07:46:44 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-23 23:26:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default.sic\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008-06-19 19:06:05 | 000,000,908 | ---- | M] () -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\searchplugins\imdb.xml
[2008-06-25 18:26:21 | 000,001,108 | ---- | M] () -- C:\Users\CeeDub\AppData\Roaming\mozilla\firefox\profiles\73d2a0ts.default\searchplugins\wikipedia-en.xml
[2013-05-24 21:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013-05-24 21:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-05-24 21:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-24 21:06:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe (Greenshot)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\CeeDub\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\CeeDub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheUsualSuspects.lnk = C:\Program Files (x86)\TheUsualSuspects.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F520D9-ABB9-4720-8A4E-5DE03CDE787D}: NameServer = 172.16.19.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-06-10 17:57:02 | 000,355,651 | ---- | C] (Farbar) -- C:\Users\CeeDub\Desktop\FSS.exe
[2013-06-09 21:40:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-06-09 21:05:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-06-09 21:05:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-06-09 21:05:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-06-09 21:05:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-06-09 21:05:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-06-09 20:52:53 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\CeeDub\Desktop\ComboFix.exe
[2013-06-09 19:42:08 | 005,078,680 | ---- | C] (Swearware) -- C:\Users\CeeDub\Documents\ComboFix.exe
[2013-06-09 18:20:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013-06-09 17:56:29 | 001,919,988 | ---- | C] (Farbar) -- C:\Users\CeeDub\Desktop\FRST64.exe
[2013-06-09 14:04:52 | 026,957,289 | ---- | C] (Igor Pavlov) -- C:\Users\CeeDub\Documents\tor-browser-2.3.25-8_en-US.exe
[2013-06-09 13:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
[2013-06-09 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\CeeDub\AppData\Roaming\Malwarebytes
[2013-06-09 12:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-05-24 21:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-20 08:42:27 | 000,000,000 | ---D | C] -- C:\Users\CeeDub\AppData\Roaming\PWD
[2013-05-15 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012-10-12 20:25:18 | 000,167,936 | ---- | C] (Original author: Paul Perkins) -- C:\Program Files (x86)\Tail.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-06-10 18:02:45 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-10 18:02:45 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-10 17:57:13 | 000,355,651 | ---- | M] (Farbar) -- C:\Users\CeeDub\Desktop\FSS.exe
[2013-06-10 17:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-10 17:53:22 | 3219,267,584 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-10 01:59:01 | 000,002,032 | -H-- | M] () -- C:\Users\CeeDub\Documents\Default.rdp
[2013-06-09 19:42:35 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\CeeDub\Desktop\ComboFix.exe
[2013-06-09 19:42:35 | 005,078,680 | ---- | M] (Swearware) -- C:\Users\CeeDub\Documents\ComboFix.exe
[2013-06-09 17:54:22 | 001,919,988 | ---- | M] (Farbar) -- C:\Users\CeeDub\Desktop\FRST64.exe
[2013-06-09 15:03:35 | 000,000,000 | ---- | M] () -- C:\Users\CeeDub\defogger_reenable
[2013-06-09 14:54:22 | 000,377,856 | ---- | M] () -- C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
[2013-06-09 14:52:46 | 000,050,477 | ---- | M] () -- C:\Users\CeeDub\Desktop\Defogger.exe
[2013-06-09 13:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CeeDub\Desktop\OTL.exe
[2013-06-09 13:12:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-06-09 12:25:51 | 000,369,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-06-06 09:23:46 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ShutdownTimer.exe
[2013-05-21 01:08:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-21 01:08:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-06-09 21:05:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-06-09 21:05:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-06-09 21:05:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-06-09 21:05:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-06-09 21:05:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-06-09 15:03:35 | 000,000,000 | ---- | C] () -- C:\Users\CeeDub\defogger_reenable
[2013-06-09 14:54:21 | 000,377,856 | ---- | C] () -- C:\Users\CeeDub\Desktop\gmer_2.1.19163.exe
[2013-06-09 14:52:45 | 000,050,477 | ---- | C] () -- C:\Users\CeeDub\Desktop\Defogger.exe
[2013-06-09 13:12:54 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-06-09 13:12:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-06-09 12:00:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-06-09 11:59:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-05-21 01:08:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-05-21 01:08:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-04-13 14:04:34 | 000,002,104 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\recently-used.xbel
[2012-11-05 22:03:22 | 000,000,000 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\debuggee.mdmp
[2012-10-20 11:53:07 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-10-20 11:53:07 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-10-11 01:17:25 | 000,208,384 | ---- | C] () -- C:\Program Files (x86)\ShutdownTimer.exe
[2012-10-10 00:48:29 | 000,006,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-10-09 19:56:03 | 000,003,584 | ---- | C] () -- C:\Users\CeeDub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-09 18:48:55 | 000,000,658 | ---- | C] () -- C:\Program Files (x86)\TheUsualSuspects.bat
[2012-10-09 18:48:55 | 000,000,064 | ---- | C] () -- C:\Program Files (x86)\WhatsMyIP.bat
[2012-10-08 00:27:55 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-10-07 23:15:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-10-09 22:43:43 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\BatMail
[2013-03-03 16:19:39 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\calibre
[2012-10-13 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Canneverbe Limited
[2012-10-09 21:33:05 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Esperanto
[2013-05-20 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\EVA
[2012-10-09 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\GHISLER
[2013-04-16 13:17:32 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Greenshot
[2012-10-09 20:19:09 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Helios
[2013-03-26 00:02:55 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\IrfanView
[2012-10-09 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Jubilation
[2012-10-09 20:25:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\LibreOffice
[2012-10-09 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Miranda
[2012-11-01 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\mp3DirectCut
[2012-10-09 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Notepad++
[2013-06-09 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\PassWordSafe
[2013-05-20 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\PWD
[2012-10-09 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Spacejock Software
[2012-12-05 22:17:02 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\SumatraPDF
[2012-12-16 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\TeamViewer
[2012-10-21 17:54:12 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thumbnail me
[2012-10-09 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thunderbird
[2013-04-09 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Thunderbird.sic
[2012-10-11 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\TrueCrypt
[2012-10-24 01:12:42 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\USBSafelyRemove
[2013-01-23 21:41:09 | 000,000,000 | ---D | M] -- C:\Users\CeeDub\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
Auf den Onlinescan würde ich gerne verzichten. Vor vielen Jahren (auf einem anderen PC) schlechte Erfahrungen gemacht, seitdem irrationale Abneigungen (Hass) auf diese Dienste. Ich weiß, dieser ist vertrauenswürdig und von euch empfohlen. Trotzdem. Nichts für ungut. Wenn die restlichen Logs sauber sind, würde ich es gerne dabei belassen. Vielen Dank.

schrauber 11.06.2013 07:18
Kein Thema. Dann sind wir fertig und räumen auf :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Covenanter 13.06.2013 22:32
Tools erfolgreich deinstalliert, vielen Dank für die Hilfe.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:46 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131