| Deichvogt | 15.01.2014 22:14 |
Win32/openCandy + Win32.Trojan.Agent.C5K071 auf PC Win7/64bit
Schönen guten Abend!
Heute schlug auf meinem 2.PC der Virenscanner an,
in "RECYCLE.BIN" ist der "Win32.Trojan.Agent.C5K071" unterwegs.
Ein Onlinescan mit Eset ergab den Win32/openCandy.
Bitte um Hilfe :rolleyes: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:28 on 15/01/2014 (Christine-2011)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Christine-2011 (administrator) on CHRISTINE-2011P on 15-01-2014 21:29:22
Running from D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854416 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD)
HKU\Gast\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Gast\...\Run: [EADM] - "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x826DB45A0FE7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Christine-2011\AppData\Roaming\Mozilla\Firefox\Profiles\47yycnry.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Christine-2011\AppData\Roaming\Mozilla\Firefox\Profiles\47yycnry.default\Extensions\ich@maltegoetz.de [2013-12-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Christine-2011\AppData\Roaming\Mozilla\Firefox\Profiles\47yycnry.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-01]
FF Extension: NoScript - C:\Users\Christine-2011\AppData\Roaming\Mozilla\Firefox\Profiles\47yycnry.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-12]
FF Extension: Adblock Plus - C:\Users\Christine-2011\AppData\Roaming\Mozilla\Firefox\Profiles\47yycnry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-12]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
==================== Services (Whitelisted) =================
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1956304 2013-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2249944 2013-02-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2656800 2013-02-25] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-03] ()
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-05-13] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-05-13] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-13] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-05-13] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-05-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-05-13] (G Data Software AG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-15 21:29 - 2014-01-15 21:29 - 00000000 ____D C:\FRST
2014-01-15 21:28 - 2014-01-15 21:28 - 00000000 _____ C:\Users\Christine-2011\defogger_reenable
2014-01-15 21:25 - 2014-01-15 18:44 - 02347384 _____ (ESET) C:\Users\Christine-2011\Desktop\esetsmartinstaller_enu.exe
2014-01-15 21:25 - 2014-01-15 17:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christine-2011\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-15 19:46 - 2014-01-15 19:46 - 00000138 _____ C:\Users\Christine-2011\Desktop\eset.txt
2014-01-15 18:46 - 2014-01-15 18:46 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-15 17:26 - 2014-01-15 17:26 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 17:26 - 2014-01-15 17:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-19 03:00 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-19 03:00 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-19 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-19 03:00 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-19 03:00 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-19 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-19 03:00 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-19 03:00 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-19 03:00 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-19 03:00 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-19 03:00 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-19 03:00 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-19 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-19 03:00 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-19 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-19 03:00 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-19 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-19 03:00 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-19 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-19 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-19 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-19 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-19 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-19 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-19 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-19 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-19 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-19 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-19 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-19 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-18 03:11 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-18 03:11 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-18 03:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-18 03:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-18 03:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-18 03:05 - 2013-12-18 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-18 03:05 - 2013-12-18 03:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-18 03:05 - 2013-12-18 03:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-18 03:05 - 2013-12-18 03:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-18 03:05 - 2013-12-18 03:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-18 03:05 - 2013-12-18 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-18 03:03 - 2013-12-18 03:11 - 00010074 _____ C:\Windows\IE11_main.log
2013-12-17 18:12 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-17 18:12 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-17 18:12 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-17 18:12 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-17 18:12 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-17 18:12 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-17 18:12 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-17 18:12 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-17 18:12 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-17 18:12 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-17 18:12 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-17 18:12 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-17 18:12 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-17 18:12 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-17 18:12 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-17 18:12 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-17 18:12 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-17 18:12 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-17 18:12 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-15 21:29 - 2014-01-15 21:29 - 00000000 ____D C:\FRST
2014-01-15 21:29 - 2011-03-20 17:09 - 00000000 ____D C:\Users\Christine-2011\AppData\Roaming\NetSpeedMonitor
2014-01-15 21:28 - 2014-01-15 21:28 - 00000000 _____ C:\Users\Christine-2011\defogger_reenable
2014-01-15 21:28 - 2011-03-20 00:51 - 00000000 ____D C:\Users\Christine-2011
2014-01-15 21:04 - 2011-09-12 18:31 - 01583779 _____ C:\Windows\WindowsUpdate.log
2014-01-15 19:56 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 19:56 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 19:53 - 2009-07-14 18:58 - 00657416 _____ C:\Windows\system32\perfh007.dat
2014-01-15 19:53 - 2009-07-14 18:58 - 00131940 _____ C:\Windows\system32\perfc007.dat
2014-01-15 19:53 - 2009-07-14 06:13 - 01509216 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 19:48 - 2013-11-26 09:51 - 00000896 _____ C:\Windows\setupact.log
2014-01-15 19:46 - 2014-01-15 19:46 - 00000138 _____ C:\Users\Christine-2011\Desktop\eset.txt
2014-01-15 18:46 - 2014-01-15 18:46 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-15 18:44 - 2014-01-15 21:25 - 02347384 _____ (ESET) C:\Users\Christine-2011\Desktop\esetsmartinstaller_enu.exe
2014-01-15 17:26 - 2014-01-15 17:26 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 17:26 - 2014-01-15 17:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 17:23 - 2014-01-15 21:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christine-2011\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-27 11:04 - 2012-05-15 16:17 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-12-25 16:57 - 2012-03-30 17:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-25 16:57 - 2011-06-06 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 16:55 - 2013-11-25 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 12:03 - 2013-11-25 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 05:41 - 2011-03-20 00:52 - 00001421 _____ C:\Users\Christine-2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-18 04:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 03:30 - 2009-07-14 05:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 03:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-18 03:16 - 2011-09-09 09:15 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-18 03:11 - 2013-12-18 03:03 - 00010074 _____ C:\Windows\IE11_main.log
2013-12-18 03:05 - 2013-12-18 03:05 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-18 03:05 - 2013-12-18 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-18 03:05 - 2013-12-18 03:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-18 03:05 - 2013-12-18 03:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-18 03:05 - 2013-12-18 03:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-18 03:05 - 2013-12-18 03:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-18 03:05 - 2013-12-18 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-18 03:05 - 2013-12-18 03:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-18 03:05 - 2013-12-18 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-18 03:01 - 2013-11-06 20:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-18 03:00 - 2011-03-20 01:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-15 20:23
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 01
Ran by Christine-2011 at 2014-01-15 21:30:00
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: G Data InternetSecurity 2014 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (x32 Version: 2.0.4331.36041 - Ihr Firmenname) Hidden
Ashampoo Burning Studio Elements 10.0.9 (x32 Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0 - Canon Inc.)
Canon iP4300 (Version: - )
Canon MG5300 series MP Drivers (Version: - )
Canon My Printer (x32 Version: 3.1.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 3.04 - Piriform)
CD-LabelPrint (x32 Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (x32 Version: - Blizzard Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version: - )
Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918 - DVDVideoSoft Ltd.)
FW LiveUpdate (x32 Version: 2.0.6.2 - SAMSUNG)
G Data InternetSecurity 2014 (x32 Version: 24.0.1.5 - G Data Software AG)
Google Update Helper (x32 Version: 1.3.21.111 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.12 (Version: 8.12.030 - Logitech Inc.)
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.673.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0 - Florian Gilles)
No23 Recorder (x32 Version: 2.1.0.3 - No23)
NVIDIA PhysX (x32 Version: 9.11.1107 - NVIDIA Corporation)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Remote Control USB Driver (x32 Version: 2.3.2.317 - )
Star Wars Empire at War (x32 Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (x32 Version: 1.0 - LucasArts)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1C2B4131-2BEC-4894-A483-9258C6765FC7} - System32\Tasks\{C585E365-C2FE-468A-87B3-DFFE6FA4594D} => D:\Program Files (x86)\Steam\steam.exe
Task: {3EF7D02F-EC34-465B-A642-1DB689F14873} - System32\Tasks\{6E70E8E5-AE39-4868-AAD3-09601CE857D5} => D:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe
==================== Loaded Modules (whitelisted) =============
2011-12-25 22:25 - 2011-05-28 22:05 - 00164864 _____ () D:\Program Files\WinRAR\rarext.dll
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-25 10:21 - 2013-12-23 12:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2014 09:26:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2014 08:24:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2014 06:46:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2014 06:46:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2014 06:46:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2014 06:45:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/13/2013 11:04:15 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16720 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8a0
Startzeit: 01cee057acbeb2bf
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (05/19/2013 01:11:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.13063.609, Zeitstempel: 0x513464b6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x634
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (05/17/2013 11:30:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: swfoc.exe, Version: 1.0.0.0, Zeitstempel: 0x46b8d527
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x742e626d
ID des fehlerhaften Prozesses: 0x1794
Startzeit der fehlerhaften Anwendung: 0xswfoc.exe0
Pfad der fehlerhaften Anwendung: swfoc.exe1
Pfad des fehlerhaften Moduls: swfoc.exe2
Berichtskennung: swfoc.exe3
Error: (05/17/2013 11:21:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee
Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b10e8
ID des fehlerhaften Prozesses: 0x11c8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
System errors:
=============
Error: (01/15/2014 07:50:07 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/15/2014 07:49:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/15/2014 07:49:02 PM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (01/15/2014 06:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/15/2014 04:32:09 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/15/2014 04:31:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/15/2014 04:31:04 PM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (01/09/2014 10:18:42 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/09/2014 10:18:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/09/2014 10:17:38 AM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Microsoft Office Sessions:
=========================
Error: (01/15/2014 09:26:05 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Christine-2011\Desktop\esetsmartinstaller_enu.exe
Error: (01/15/2014 08:24:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (01/15/2014 06:46:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe
Error: (01/15/2014 06:46:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe
Error: (01/15/2014 06:46:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe
Error: (01/15/2014 06:45:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe
Error: (11/13/2013 11:04:15 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.167208a001cee057acbeb2bf0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/19/2013 01:11:59 PM) (Source: Application Error)(User: )
Description: AVKProxy.exe1.5.13063.609513464b6ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c363401ce5489f9b61832C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Windows\SysWOW64\ntdll.dll4df04493-c07d-11e2-81ad-0018f3fe52ee
Error: (05/17/2013 11:30:54 AM) (Source: Application Error)(User: )
Description: swfoc.exe1.0.0.046b8d527unknown0.0.0.000000000c0000005742e626d179401ce52e91d285262D:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exeunknownda3b9f4c-bedc-11e2-af36-0018f3fe52ee
Error: (05/17/2013 11:21:17 AM) (Source: Application Error)(User: )
Description: firefox.exe20.0.1.484751650aeexul.dll20.0.1.484751650a09c0000005000b10e811c801ce52dad7772581D:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\Program Files (x86)\Mozilla Firefox\xul.dll81e47943-bedb-11e2-af36-0018f3fe52ee
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 4095.12 MB
Available physical RAM: 2631.89 MB
Total Pagefile: 4493.3 MB
Available Pagefile: 2428.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:97.98 GB) NTFS
Drive d: () (Fixed) (Total:151.6 GB) (Free:137.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F3BC89C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=152 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-15 21:40:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 ST3320620AS rev.3.AAE 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pflcyuog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb1000 45 bytes [21, 00, 04, 00, 00, 00, 08, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fb102f 23 bytes [00, 05, 15, 00, 00, 00, E1, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073a71a22 2 bytes [A7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073a71ad0 2 bytes [A7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073a71b08 2 bytes [A7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073a71bba 2 bytes [A7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073a71bda 2 bytes [A7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Windows\SysWOW64\DllHost.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Windows\SysWOW64\DllHost.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
---- EOF - GMER 2.1 ----
Eset: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=20f597ed07c9c14d9127765a90403ab4
# engine=16664
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-15 06:45:58
# local_time=2014-01-15 07:45:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5651518 141441408 0 0
# scanned=143679
# found=1
# cleaned=1
# scan_time=3473
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-1771646177-208901202-3097835340-1004\$RPMCD4Z.exe"
GData Code:
Virenprüfung mit G Data InternetSecurity 2014
Version 24.0.1.5 (26.04.2013)
Virensignaturen vom 15.01.2014
Startzeit: 15.01.2014 16:50:40
Engine(s): Engine A (AVA 24.18), Engine B (GD 24.6)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 15.01.2014 17:16:30
144320 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Objekt: $R6JCGH5.exe
Pfad: D:\$RECYCLE.BIN\S-1-5-21-1771646177-208901202-3097835340-1004
Status: Datei in Quarantäne verschoben
Virus: Win32.Trojan.Agent.C5K071 (Engine B)
+ Der Zugriff auf die folgenden Dateien wurde verweigert:
mbam Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christine-2011 :: CHRISTINE-2011P [limitiert]
15.01.2014 17:26:59
mbam-log-2014-01-15 (17-26-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378429
Laufzeit: 1 Stunde(n), 13 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
die anderen logs sind schon von 2011:pfeiff: |
