Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner Ahoi :( (https://www.trojaner-board.de/138455-trojaner-ahoi.html)

mxl 19.07.2013 14:05
Trojaner Ahoi :(
 
Hallo liebes Trojaner Board,
ich bin relativ neu hier und denke dass das hier die richtige sektion ist um mein problem zu posten und um hilfe zu finden.

Ich habe seit kurzem das problem das ich die seite Qvo6.com als startseite in jedem browser habe und sie nicht wegbekomme. Ich habe mich informiert und gelesen das es wohlmöglich ein virus sein könnte. Ich habe also ein check mit Malwarebytes gemacht da mir mein antivirus programm nix angezeigt hat. Malwarebytes hat einen hijack.userinet gefunden (k.a. was das ist um erlich zu sein) nun weiß ich nicht wie ich diesen virus von meinem Pc entfernen kann. Ich habe ihn erstmal in Quarantäne gesetzt aber ich bezweifel dass das genug sein wird.

Hier ist der Log von Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-HP [Administrator]

19.07.2013 12:13:26
mbam-log-2013-07-19 (12-13-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 619829
Laufzeit: 2 Stunde(n), 1 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (userinit.exeC:\Users\Thomas\AppData\Roaming\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Wäre cool wenn mir wer helfen könnte.

Mfg Thomas :)

schrauber 19.07.2013 14:25
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

mxl 19.07.2013 15:07
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2013
Ran by Thomas at 2013-07-19 16:02:06
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe After Effects CS4 (x32 Version: 9)
Adobe After Effects CS4 Presets (x32 Version: 9)
Adobe After Effects CS4 Third Party Content (x32 Version: 9)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.135)
Adobe Fonts All (x32 Version: 2.0)
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe Setup (x32 Version: 2.0)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0405.2205.37728)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
AMD VISION Engine Control Center (x32 Version: 2012.0405.2205.37728)
Amnesia - The Dark Descent  (x32 Version: 1.2)
Apple Application Support (x32 Version: 2.1.7)
Apple Software Update (x32 Version: 2.1.3.127)
aTube Catcher (x32 Version: 2.9.1328)
aTube Toolbar (x32 Version: 1.0.0.12)
Audiosurf (x32)
Battlefield: Bad Company 2 (x32)
be Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Beat Hazard (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
BioShock (x32 Version: 2.5.0000)
BioShock 2 (x32 Version: 1.00.0000)
BitTorrent (x32 Version: 7.6.1)
Call of Duty 4: Modern Warfare (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728)
CCC Help Czech (x32 Version: 2012.0405.2204.37728)
CCC Help Danish (x32 Version: 2012.0405.2204.37728)
CCC Help Dutch (x32 Version: 2012.0405.2204.37728)
CCC Help English (x32 Version: 2012.0405.2204.37728)
CCC Help Finnish (x32 Version: 2012.0405.2204.37728)
CCC Help French (x32 Version: 2012.0405.2204.37728)
CCC Help German (x32 Version: 2012.0405.2204.37728)
CCC Help Greek (x32 Version: 2012.0405.2204.37728)
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728)
CCC Help Italian (x32 Version: 2012.0405.2204.37728)
CCC Help Japanese (x32 Version: 2012.0405.2204.37728)
CCC Help Korean (x32 Version: 2012.0405.2204.37728)
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728)
CCC Help Polish (x32 Version: 2012.0405.2204.37728)
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728)
CCC Help Russian (x32 Version: 2012.0405.2204.37728)
CCC Help Spanish (x32 Version: 2012.0405.2204.37728)
CCC Help Swedish (x32 Version: 2012.0405.2204.37728)
CCC Help Thai (x32 Version: 2012.0405.2204.37728)
CCC Help Turkish (x32 Version: 2012.0405.2204.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCleaner (Version: 3.27)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Counter-Strike Global Offensive Beta - Dedicated Server (x32)
Counter-Strike: Global Offensive Beta (x32)
Counter-Strike: Source (x32)
Darksiders (x32)
Dead Space™ 3 (x32 Version: 1.0.0.0)
Diablo III (x32 Version: 1.0.3.10057)
Die Sims™ 3 (x32 Version: 1.0.632)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dota 2 (x32)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030)
eReg (x32 Version: 1.20.138.34)
ESL Wire 1.14.1
Fallout: New Vegas (x32)
FATE (x32 Version: 2.2.0.95)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
FIFA 12 (c) EA version 1 (x32 Version: 1)
Fraps (remove only) (x32)
From Dust (x32 Version: 1.0.0)
Google Chrome (HKCU Version: 28.0.1500.72)
Guild Wars 2 (x32)
Gyazo 1.0 (x32)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.3)
HP MediaSmart DVD (x32 Version: 4.1.4229)
HP MediaSmart Music (x32 Version: 4.1.4301)
HP MediaSmart Photo (x32 Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (x32 Version: 4.1.4214)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 8.1.4186.3400)
HP Support Assistant (x32 Version: 5.0.11.16)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
HydraVision (x32 Version: 4.2.166.0)
ICQ7M (x32 Version: 7.8)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
Java(TM) 7 Update 4 (x32 Version: 7.0.40)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 14.0.8089.726)
LabelPrint (x32 Version: 2.5.2823)
Lagarith Lossless Codec (1.3.27) (x32)
League of Legends (x32 Version: 1.02.0000)
LightScribe System Software (x32 Version: 1.18.15.1)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
LOLReplay (x32 Version: 0.8.1.4)
Lucius 1.01.3173 (x32 Version: 1.01.3173)
Magic Bullet Suite 64-bit (Version: 11.4.1)
Magic Bullet Suite 64-bit (x32 Version: 11.4.1)
Magic Desktop (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect™ 3 (x32 Version: 1.01.0.0)
MATLAB Component Runtime 7.7 (x32 Version: 7.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
mIRC (x32 Version: 7.22)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 14.0.1468.721)
MSVCRT Redists (Version: 1.0)
MSVCRT Redists (x32 Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MusicStation (x32 Version: 1.0.1.5)
My Game Long Name
Norton 360 (x32 Version: 20.4.0.40)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA PhysX (x32 Version: 9.11.1107)
Open Broadcaster Software (x32)
OpenAL (x32)
osu! (x32 Version: 0.0.0.0)
Pando Media Booster (x32 Version: 2.6.0.7)
PC Wizard 2012.2.0 (x32)
PDF Complete Special Edition (x32 Version: 3.5.111)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.6904)
Photoshop Camera Raw (x32 Version: 5.0)
PictureMover (x32 Version: 3.5.0.28)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4022)
PowerDirector (x32 Version: 8.0.2906)
Prototype(TM) (x32 Version: 1.0)
QuickTime (x32 Version: 7.72.80.56)
RAGE (x32)
Rainmeter (x32 Version: 2.2 r1116)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6132)
Recovery Manager (x32 Version: 5.5.2926)
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] (x32 Version: 1.6.01)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
StarCraft II (x32 Version: 2.0.9.26147)
Steam (x32 Version: 1.0.0.0)
Suite Shared Configuration CS4 (x32 Version: 1.0)
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.16642)
TERA (x32 Version: 19.04.02.03.hf3)
The Walking Dead (c) 3 version 1 (x32 Version: 1)
The Walking Dead (x32)
TZAC ANTICHEAT 2 (x32 Version: 2)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
Vegas Pro 10.0 (64-bit) (Version: 10.0.738)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
World of Warcraft (x32 Version: 5.3.0.17128)
Xfire (remove only) (x32)
XSplit (x32 Version: 1.1.1209.0601)
ZoomEx (Version: 1.0)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

18-07-2013 19:23:40 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0506CAFF-B409-4CB7-9C39-55CE64F1FD60} - System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {0E8042EE-45B0-4866-9016-71175193D4B4} - System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {10D6D9B7-E6B8-4A8B-B180-319FB42FAB7A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {19A7BC0E-E671-4C94-B92A-3AD32219D38B} - System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {1E0AF271-83CB-4C42-95BD-A14E8F59FEBF} - System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {353749CA-12D1-4691-82F6-204DD655FA56} - System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {4877E900-016A-4FD2-9415-D6FDA891C975} - System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {53266036-4171-40EF-A73A-170046BE3C2F} - System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {5A2CD3B8-203E-4FF2-90A9-5CBAB5E33EC3} - System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {5B7A5AFC-95E9-4AEC-89EF-3F65D526A255} - System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335} => C:\Counter-Strike 1.6 Mini\hlupdate.exe No File
Task: {5C50A6BB-7F85-4751-825E-09CAE0AE2500} - System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {664A0DA9-AA9C-48A4-9EA0-CA629FEC1225} - System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe [2003-11-14] (Valve)
Task: {7023A11B-3C1C-42B8-8380-444B92AE111E} - System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {757320D7-049D-4AC3-8058-D437B55AC852} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {7CC9AAFA-494A-44A0-985E-212607EDD13A} - System32\Tasks\{3541458F-6A3A-47DE-9A59-5B4D5FBED56B} => C:\program files (x86)\mozilla firefox\firefox.exe No File
Task: {7E47136D-06E5-4CBB-A4D0-B616EFFD5BC8} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {7E76DBD0-DF74-4629-B4ED-7648F85365A0} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7FFEF84E-68C7-4B23-85CB-BF373785296C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {85928B67-E76B-4393-84BA-89A6083B3516} - System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {8A54ED3B-2604-4108-B7BB-CD1D12518FE7} - System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F} => C:\Program Files (x86)\Metro Last Light\MetroLL.exe No File
Task: {8CD92F97-2F1C-401F-B104-AD875D60C44D} - System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {94371FF7-BB38-4A2C-9B5C-AEEE893A1927} - System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {9B5B95D8-C095-4929-A269-1324C7705EE2} - System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {A34EEE9B-660B-409A-9F2C-106405F0FFAE} - System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD} => C:\Counter-Strike 1.6 Mini\hlupdate.exe No File
Task: {A3CF71F9-CBD3-4DCC-A66F-9F1D5AA6C48B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {ADCB2EC0-A8D6-4DFF-8334-00F4BAF88946} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B4342D9F-89B1-4174-900B-8458659A22A7} - System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {B443C4D4-2F2C-4620-B5D1-C6C8884764DE} - System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {B4D3C018-C956-4833-9753-5831BF9F6897} - System32\Tasks\RunAsStdUser Task => C:\Users\Thomas\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe No File
Task: {B935756A-19FD-40D2-B861-7992CCD0EBFE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {B95D05AC-7D77-4191-8556-310794DF53A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2010-06-11] (Hewlett-Packard Company)
Task: {B9ACD865-1CB7-475B-B4ED-393EE2BDD1CD} - System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {BCD4A7D1-1E8F-459D-B4DA-EBB425D04AC1} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe No File
Task: {C1025E50-1FA6-479E-B0EC-A0827B107BCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {C31769DC-7D4C-4EE3-9E42-173936669B88} - System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {C3ED11FF-B035-4C06-AA12-E761E82C3CC8} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {C45BEC25-938B-470E-A263-71EFA89A6586} - System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {C8FC9037-E815-4AD1-8E30-EE510BE21661} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {CDB18136-A53E-4E33-80C7-019561BCB908} - System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {CEE6DC7A-B929-4C11-8F50-37E40C8124A8} - System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hl.exe [2003-12-12] (Valve)
Task: {D2493867-4F21-4A8F-81DD-04EF0AA0463D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {D432A645-12DD-4F5D-8E6E-5C13950A4C09} - System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {D587C4C9-2802-4461-98C5-F7E342324E3D} - System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe [2003-11-14] (Valve)
Task: {DD02B20C-DCAF-4A08-90A0-2C5250E4CD35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31] (Adobe Systems Incorporated)
Task: {DEF3182D-F2E7-4D6F-A9F3-754FB140F5AB} - System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8} => C:\Counter-Strike 1.6 Mini\hl.exe No File
Task: {E17173A3-FF46-46DC-BF6A-DFE3DF7805DF} - System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {E5516DA9-59FB-4EE3-9528-3AB55B56E25B} - System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {E66B2770-2F36-4C33-B732-DCC188B000E1} - System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {E9DA47F3-A900-4C32-A976-0052ED2EDE14} - System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {EEA01C15-293D-40B8-8A80-2DD1D785011D} - System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {F1F695C3-8F31-4F85-9A04-F7CCDCB66B66} - System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455} => C:\Program Files (x86)\Metro Last Light\MetroLL.exe No File
Task: {F5B14410-26A3-4B68-9D45-0863540AB0FD} - System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlds.exe [2003-11-14] (Valve)
Task: {FA490460-1196-4031-A312-F85D5F59834B} - System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: {FC8B9057-7BA1-48A2-8EF7-B356680AB92A} - System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D} => C:\Users\Thomas\Desktop\Desktop\Counter-Strike 1.6 Mini\hlupdate.exe [2003-09-26] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2013 01:09:43 PM) (Source: Application Hang) (User: )
Description: Programm yct.exe, Version 2.9.0.1328 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2a54

Startzeit: 01ce84703a702a20

Endzeit: 24

Anwendungspfad: C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

Berichts-ID: b2c9d341-f063-11e2-8145-7071bcb8416c

Error: (07/19/2013 10:00:22 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/18/2013 09:17:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2013 02:17:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel: 0x4859a219
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x702f7364
ID des fehlerhaften Prozesses: 0x1f8
Startzeit der fehlerhaften Anwendung: 0xiw3mp.exe0
Pfad der fehlerhaften Anwendung: iw3mp.exe1
Pfad des fehlerhaften Moduls: iw3mp.exe2
Berichtskennung: iw3mp.exe3

Error: (07/18/2013 09:26:13 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/17/2013 10:42:02 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/16/2013 03:40:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2013 10:39:00 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/15/2013 09:22:20 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {36de849a-1069-403c-a207-f8aa283b1295}

Error: (07/15/2013 07:19:19 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (07/19/2013 09:53:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (07/19/2013 09:53:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (07/19/2013 09:50:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (07/19/2013 09:50:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (07/19/2013 09:50:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/19/2013 09:50:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/18/2013 09:16:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (07/18/2013 09:16:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (07/18/2013 09:16:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (07/18/2013 09:15:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (07/19/2013 01:09:43 PM) (Source: Application Hang)(User: )
Description: yct.exe2.9.0.13282a5401ce84703a702a2024C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exeb2c9d341-f063-11e2-8145-7071bcb8416c

Error: (07/19/2013 10:00:22 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/18/2013 09:17:37 PM) (Source: SideBySide)(User: )
Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe

Error: (07/18/2013 02:17:34 PM) (Source: Application Error)(User: )
Description: iw3mp.exe0.0.0.04859a219unknown0.0.0.000000000c0000005702f73641f801ce83ae5ff65b60C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\iw3mp.exeunknown06619e40-efa4-11e2-9585-7071bcb8416c

Error: (07/18/2013 09:26:13 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/17/2013 10:42:02 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/16/2013 03:40:05 PM) (Source: SideBySide)(User: )
Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe

Error: (07/16/2013 10:39:00 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/15/2013 09:22:20 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {36de849a-1069-403c-a207-f8aa283b1295}

Error: (07/15/2013 07:19:19 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


CodeIntegrity Errors:
===================================
  Date: 2012-05-12 17:27:41.060
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Thomas\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 17:27:41.007
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Thomas\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 17:27:40.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 17:27:40.657
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 13:36:06.344
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 13:36:06.289
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 13:21:39.308
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 13:21:39.215
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 10:49:44.263
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-05-12 10:49:44.200
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 6143.3 MB
Available physical RAM: 2410 MB
Total Pagefile: 12284.8 MB
Available Pagefile: 8520.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.82 GB) (Free:419.52 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.6 GB) (Free:1.67 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 6D6010DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013
Ran by Thomas (administrator) on 19-07-2013 16:01:28
Running from C:\Users\Thomas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7M\ICQ.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\xfire.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.175\deploy\LoLLauncher.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.33\deploy\LolClient.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7M\ICQ.exe [127040 2012-05-21] (ICQ, LLC.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-09] (Google Inc.)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {96bf5622-dad0-11e1-944c-7071bcb8416c} - G:\Install.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=4456516
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=4456516
SearchScopes: HKLM - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=4456516
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=4456516
SearchScopes: HKLM-x32 - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://searchab.com/?aff=7&uid=b9651e40-5daf-11e2-bc63-7071bcb8416c&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119779&tt=gc_&babsrc=SP_ss&mntrId=C4117071BCB8416C
SearchScopes: HKCU - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=4456516
SearchScopes: HKCU - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://searchab.com/?aff=7&uid=b9651e40-5daf-11e2-bc63-7071bcb8416c&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={52F3D8F5-E8BA-4376-9C00-CECA2D89F894}&mid=4a5c4610928b47d09ab4a138fa5ca89f-bfe6a4fdef67948ef53788d6361048fce49b0ffe&lang=en&ds=yu011&pr=sa&d=2012-05-12 23:26:50&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=APN10147&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A6E&apn_uid=2975613227834282&p2=^A6E^YYYYYY^YY^DE&q={searchTerms}
SearchScopes: HKCU - {DB6A597B-B576-4AAD-A5F8-8ED658837C60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zoomex - {12EE5012-C58D-703B-D69A-5A5E7467BBB3} - C:\ProgramData\Zoomex\50fed4919db46.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-12-02] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml
FF Extension: hdvc - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi
FF Extension: trtv3 - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.8_0
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-09-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-16] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-06-20] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-06-20] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-30] (Symantec Corporation)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [147472 2012-09-04] (<Turtle Entertainment>)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130718.001\IDSvia64.sys [513184 2013-06-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130718.001\IDSvia64.sys [513184 2013-06-28] (Symantec Corporation)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130718.033\ENG64.SYS [126040 2013-06-30] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130718.033\ENG64.SYS [126040 2013-06-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130718.033\EX64.SYS [2098776 2013-06-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130718.033\EX64.SYS [2098776 2013-06-30] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] ()
S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] ()
S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] ()
S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] ()
S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-19 16:01 - 2013-07-19 16:01 - 00000000 ____D C:\FRST
2013-07-19 16:00 - 2013-07-19 16:00 - 01778207 _____ (Farbar) C:\Users\Thomas\Downloads\frst64.exe
2013-07-19 15:57 - 2013-07-19 15:57 - 01218862 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-07-19 15:05 - 2013-07-19 15:05 - 00001297 _____ C:\Users\Thomas\Desktop\asda.txt
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 12:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-19 12:11 - 2013-07-19 12:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 19:04 - 2013-07-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-18 16:27 - 2013-07-18 16:27 - 00127843 _____ C:\Users\Thomas\Downloads\1311201730_special_gamefonts_pc.rar
2013-07-16 21:49 - 2013-07-13 00:03 - 00000000 ____D C:\Users\Thomas\Desktop\Demos
2013-07-16 21:40 - 2013-07-16 21:44 - 154954737 _____ C:\Users\Thomas\Downloads\Demos(4).rar
2013-07-16 19:12 - 2013-07-16 19:13 - 05487912 _____ (TeamViewer GmbH) C:\Users\Thomas\Downloads\TeamViewer_Setup_de_8.0.19617.exe
2013-07-16 19:07 - 2013-07-16 19:07 - 04179944 _____ (TeamViewer) C:\Users\Thomas\Downloads\TeamViewerQS_de.exe
2013-07-10 23:10 - 2013-07-10 23:49 - 119972102 _____ C:\Users\Thomas\Downloads\gntdn.rar
2013-07-10 12:45 - 2013-07-18 13:30 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-10 12:43 - 2013-07-10 12:45 - 83293072 _____ (Blizzard Entertainment) C:\Users\Thomas\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-10 12:26 - 2013-07-10 12:26 - 22125133 _____ C:\Users\Thomas\Downloads\Cataclysm_434.rar
2013-07-07 22:57 - 2013-07-07 23:25 - 84751212 _____ C:\Users\Thomas\Downloads\Prinz Pi - Hallo Musik.rar
2013-07-07 22:53 - 2013-07-07 22:54 - 00000000 ____D C:\ProgramData\eSafe
2013-07-07 22:51 - 2013-07-07 22:51 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to (1).torrent
2013-07-07 22:51 - 2013-07-07 22:51 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\eIntaller
2013-07-07 22:50 - 2013-07-07 22:50 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to.torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00297968 _____ (StarApp) C:\Users\Thomas\Downloads\TorrentDownload.exe
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (2).torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (1).torrent
2013-07-07 22:48 - 2013-07-07 22:48 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP.torrent
2013-07-07 22:47 - 2013-07-07 22:49 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-07-07 22:47 - 2013-07-07 22:47 - 00014650 _____ C:\Users\Thomas\Downloads\CFCF1B99B5C95F9C359A3739FE908A3F1A70FB08.torrent
2013-07-07 22:47 - 2013-07-07 22:47 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-07-07 22:46 - 2013-07-07 22:46 - 00644152 _____ C:\Users\Thomas\Downloads\BitLordInstaller - Prinz Pi Hallo Musik 2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011 (1).exe
2013-07-07 22:40 - 2013-07-07 22:40 - 00014620 _____ C:\Users\Thomas\Downloads\[isoHunt] Prinz Pi Hallo Musik 2011.torrent
2013-07-07 20:02 - 2013-07-18 14:17 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2013-07-03 22:08 - 2013-07-03 22:08 - 00436249 _____ C:\Users\Thomas\Downloads\UPRandomizer-120a.zip
2013-07-03 22:07 - 2013-07-03 22:07 - 01000193 _____ C:\Users\Thomas\Downloads\VisualBoyAdvanceM1097.7z
2013-07-01 19:34 - 2013-07-01 19:34 - 00010704 _____ C:\Users\Thomas\Downloads\01_01.wma
2013-07-01 12:30 - 2013-07-01 12:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\N360_BACKUP
2013-06-30 08:37 - 2013-07-01 12:25 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-30 08:37 - 2013-06-30 19:03 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-30 08:37 - 2013-06-30 19:03 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Symantec
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 08:36 - 2013-07-01 12:25 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-06-30 08:36 - 2013-06-30 08:36 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-06-29 19:02 - 2013-06-29 19:02 - 00000000 ____D C:\Users\Thomas\Documents\4A Games
2013-06-29 18:57 - 2013-06-29 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Local\4A Games
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F}
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455}
2013-06-29 18:17 - 2013-06-30 08:38 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-06-29 18:17 - 2013-06-29 18:17 - 00915960 _____ (Symantec Corporation) C:\Users\Thomas\Downloads\Norton_Download_Manager.exe
2013-06-29 18:17 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-29 02:34 - 2013-06-29 02:34 - 00156719 _____ C:\Users\Thomas\Downloads\[kickass.to]metro.last.light.reloaded.torrent
2013-06-28 01:17 - 2013-06-28 01:17 - 00002994 _____ C:\Windows\System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48}
2013-06-28 01:11 - 2013-06-28 01:11 - 00003006 _____ C:\Windows\System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE}
2013-06-28 01:09 - 2013-06-28 01:09 - 00002936 _____ C:\Windows\System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335}
2013-06-28 01:05 - 2013-06-28 01:05 - 00002994 _____ C:\Windows\System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25}
2013-06-28 01:01 - 2013-06-28 01:01 - 00003006 _____ C:\Windows\System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124}
2013-06-28 01:00 - 2013-06-28 01:00 - 00003006 _____ C:\Windows\System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB}
2013-06-28 00:59 - 2013-06-28 00:59 - 00002994 _____ C:\Windows\System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA}
2013-06-28 00:56 - 2013-06-28 00:56 - 00003006 _____ C:\Windows\System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D}
2013-06-28 00:55 - 2013-06-28 00:55 - 00002994 _____ C:\Windows\System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE}
2013-06-28 00:54 - 2013-06-28 00:54 - 00002994 _____ C:\Windows\System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98}
2013-06-28 00:53 - 2013-06-28 00:53 - 00002994 _____ C:\Windows\System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084}
2013-06-28 00:51 - 2013-06-28 00:51 - 00002994 _____ C:\Windows\System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C}
2013-06-28 00:43 - 2013-06-28 00:43 - 00002994 _____ C:\Windows\System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37}
2013-06-27 10:00 - 2013-06-27 10:00 - 12228373 _____ C:\Users\Thomas\Downloads\d3d9.zip
2013-06-27 09:57 - 2013-06-27 09:58 - 04241280 _____ (Dll-Files.com                                              ) C:\Users\Thomas\Downloads\dffsetup-d3d9.exe
2013-06-24 16:05 - 2013-06-24 16:11 - 00000000 ____D C:\Users\Thomas\AppData\Local\Darksiders
2013-06-23 21:10 - 2013-06-23 21:10 - 00158243 _____ C:\Users\Thomas\Downloads\no$gba-w.2.6a.zip
2013-06-23 21:07 - 2013-06-23 21:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Sun
2013-06-23 21:01 - 2013-06-23 21:02 - 00178833 _____ C:\Users\Thomas\Downloads\PkmnEmeraldRandomizer_v1.0.zip
2013-06-23 21:00 - 2013-06-23 21:01 - 06868618 _____ C:\Users\Thomas\Downloads\Pokemon Emerald.zip
2013-06-23 21:00 - 2013-06-23 21:00 - 00659797 _____ C:\Users\Thomas\Downloads\VisualBoyAdvance-1.8.0-beta3.zip

==================== One Month Modified Files and Folders =======

2013-07-19 16:01 - 2013-07-19 16:01 - 00000000 ____D C:\FRST
2013-07-19 16:01 - 2012-10-01 19:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
2013-07-19 16:01 - 2012-05-19 19:24 - 00000000 ____D C:\Users\Thomas\AppData\Local\PMB Files
2013-07-19 16:00 - 2013-07-19 16:00 - 01778207 _____ (Farbar) C:\Users\Thomas\Downloads\frst64.exe
2013-07-19 15:57 - 2013-07-19 15:57 - 01218862 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-07-19 15:35 - 2012-05-01 00:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 15:30 - 2012-11-09 17:55 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job
2013-07-19 15:25 - 2012-04-30 23:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Xfire
2013-07-19 15:05 - 2013-07-19 15:05 - 00001297 _____ C:\Users\Thomas\Desktop\asda.txt
2013-07-19 13:53 - 2012-05-01 00:04 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\TS3Client
2013-07-19 13:48 - 2012-05-19 19:24 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-19 13:13 - 2012-08-13 17:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Spotify
2013-07-19 13:12 - 2010-12-02 02:12 - 01675062 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:30 - 2012-11-09 17:55 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job
2013-07-19 12:20 - 2012-05-01 04:02 - 00282472 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-19 12:20 - 2012-05-01 04:02 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-19 12:20 - 2012-05-01 04:01 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 12:12 - 2013-07-19 12:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 09:57 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 09:57 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 09:53 - 2012-05-01 01:32 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ICQ
2013-07-19 09:50 - 2013-02-10 02:00 - 00020038 _____ C:\Windows\setupact.log
2013-07-19 09:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 00:05 - 2012-05-01 00:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 19:05 - 2013-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-18 16:27 - 2013-07-18 16:27 - 00127843 _____ C:\Users\Thomas\Downloads\1311201730_special_gamefonts_pc.rar
2013-07-18 14:17 - 2013-07-07 20:02 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2013-07-18 13:30 - 2013-07-10 12:45 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-18 00:59 - 2012-04-30 23:57 - 00000000 ____D C:\ProgramData\Xfire
2013-07-18 00:03 - 2012-05-07 18:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\mIRC
2013-07-17 23:53 - 2012-05-07 18:41 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-07-16 21:44 - 2013-07-16 21:40 - 154954737 _____ C:\Users\Thomas\Downloads\Demos(4).rar
2013-07-16 19:13 - 2013-07-16 19:12 - 05487912 _____ (TeamViewer GmbH) C:\Users\Thomas\Downloads\TeamViewer_Setup_de_8.0.19617.exe
2013-07-16 19:07 - 2013-07-16 19:07 - 04179944 _____ (TeamViewer) C:\Users\Thomas\Downloads\TeamViewerQS_de.exe
2013-07-16 10:28 - 2013-02-11 17:44 - 00470584 _____ C:\Windows\PFRO.log
2013-07-15 12:25 - 2012-11-09 17:55 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA
2013-07-15 12:25 - 2012-11-09 17:55 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core
2013-07-13 00:03 - 2013-07-16 21:49 - 00000000 ____D C:\Users\Thomas\Desktop\Demos
2013-07-10 23:49 - 2013-07-10 23:10 - 119972102 _____ C:\Users\Thomas\Downloads\gntdn.rar
2013-07-10 13:10 - 2010-12-02 02:37 - 00654372 _____ C:\Windows\system32\perfh007.dat
2013-07-10 13:10 - 2010-12-02 02:37 - 00129986 _____ C:\Windows\system32\perfc007.dat
2013-07-10 13:10 - 2009-07-14 07:13 - 01499844 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 12:45 - 2013-07-10 12:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Thomas\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-10 12:26 - 2013-07-10 12:26 - 22125133 _____ C:\Users\Thomas\Downloads\Cataclysm_434.rar
2013-07-09 22:22 - 2012-08-13 17:03 - 00000000 ____D C:\Users\Thomas\AppData\Local\Spotify
2013-07-07 23:25 - 2013-07-07 22:57 - 84751212 _____ C:\Users\Thomas\Downloads\Prinz Pi - Hallo Musik.rar
2013-07-07 22:54 - 2013-07-07 22:53 - 00000000 ____D C:\ProgramData\eSafe
2013-07-07 22:53 - 2012-04-30 23:14 - 00001651 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-07 22:53 - 2012-04-30 23:14 - 00001629 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-07 22:53 - 2011-02-20 00:03 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-07 22:53 - 2011-02-19 01:40 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-07 22:52 - 2012-05-15 16:24 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\BitTorrent
2013-07-07 22:51 - 2013-07-07 22:51 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to (1).torrent
2013-07-07 22:51 - 2013-07-07 22:51 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\eIntaller
2013-07-07 22:50 - 2013-07-07 22:50 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to.torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00297968 _____ (StarApp) C:\Users\Thomas\Downloads\TorrentDownload.exe
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (2).torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (1).torrent
2013-07-07 22:49 - 2013-07-07 22:47 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-07-07 22:48 - 2013-07-07 22:48 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP.torrent
2013-07-07 22:47 - 2013-07-07 22:47 - 00014650 _____ C:\Users\Thomas\Downloads\CFCF1B99B5C95F9C359A3739FE908A3F1A70FB08.torrent
2013-07-07 22:47 - 2013-07-07 22:47 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-07-07 22:46 - 2013-07-07 22:46 - 00644152 _____ C:\Users\Thomas\Downloads\BitLordInstaller - Prinz Pi Hallo Musik 2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011 (1).exe
2013-07-07 22:40 - 2013-07-07 22:40 - 00014620 _____ C:\Users\Thomas\Downloads\[isoHunt] Prinz Pi Hallo Musik 2011.torrent
2013-07-03 22:08 - 2013-07-03 22:08 - 00436249 _____ C:\Users\Thomas\Downloads\UPRandomizer-120a.zip
2013-07-03 22:07 - 2013-07-03 22:07 - 01000193 _____ C:\Users\Thomas\Downloads\VisualBoyAdvanceM1097.7z
2013-07-01 19:34 - 2013-07-01 19:34 - 00010704 _____ C:\Users\Thomas\Downloads\01_01.wma
2013-07-01 12:30 - 2013-07-01 12:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-07-01 12:25 - 2013-06-30 08:37 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-01 12:25 - 2013-06-30 08:36 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-06-30 19:03 - 2013-06-30 08:37 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-30 19:03 - 2013-06-30 08:37 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-30 17:01 - 2013-04-02 14:36 - 00001161 _____ C:\Windows\LkmdfCoInst.log
2013-06-30 17:01 - 2012-05-19 16:19 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-30 08:51 - 2012-05-12 10:39 - 00001912 _____ C:\Windows\epplauncher.mif
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\N360_BACKUP
2013-06-30 08:38 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-06-30 08:38 - 2010-12-02 02:47 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Symantec
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 08:36 - 2013-06-30 08:36 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-06-29 19:02 - 2013-06-29 19:02 - 00000000 ____D C:\Users\Thomas\Documents\4A Games
2013-06-29 18:57 - 2013-06-29 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Local\4A Games
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F}
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455}
2013-06-29 18:17 - 2013-06-29 18:17 - 00915960 _____ (Symantec Corporation) C:\Users\Thomas\Downloads\Norton_Download_Manager.exe
2013-06-29 18:17 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-29 02:34 - 2013-06-29 02:34 - 00156719 _____ C:\Users\Thomas\Downloads\[kickass.to]metro.last.light.reloaded.torrent
2013-06-28 01:17 - 2013-06-28 01:17 - 00002994 _____ C:\Windows\System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48}
2013-06-28 01:11 - 2013-06-28 01:11 - 00003006 _____ C:\Windows\System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE}
2013-06-28 01:09 - 2013-06-28 01:09 - 00002936 _____ C:\Windows\System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335}
2013-06-28 01:05 - 2013-06-28 01:05 - 00002994 _____ C:\Windows\System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25}
2013-06-28 01:01 - 2013-06-28 01:01 - 00003006 _____ C:\Windows\System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124}
2013-06-28 01:00 - 2013-06-28 01:00 - 00003006 _____ C:\Windows\System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB}
2013-06-28 00:59 - 2013-06-28 00:59 - 00002994 _____ C:\Windows\System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA}
2013-06-28 00:56 - 2013-06-28 00:56 - 00003006 _____ C:\Windows\System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D}
2013-06-28 00:55 - 2013-06-28 00:55 - 00002994 _____ C:\Windows\System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE}
2013-06-28 00:54 - 2013-06-28 00:54 - 00002994 _____ C:\Windows\System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98}
2013-06-28 00:53 - 2013-06-28 00:53 - 00002994 _____ C:\Windows\System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084}
2013-06-28 00:51 - 2013-06-28 00:51 - 00002994 _____ C:\Windows\System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C}
2013-06-28 00:43 - 2013-06-28 00:43 - 00002994 _____ C:\Windows\System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37}
2013-06-27 10:00 - 2013-06-27 10:00 - 12228373 _____ C:\Users\Thomas\Downloads\d3d9.zip
2013-06-27 09:58 - 2013-06-27 09:57 - 04241280 _____ (Dll-Files.com                                              ) C:\Users\Thomas\Downloads\dffsetup-d3d9.exe
2013-06-24 16:11 - 2013-06-24 16:05 - 00000000 ____D C:\Users\Thomas\AppData\Local\Darksiders
2013-06-23 21:10 - 2013-06-23 21:10 - 00158243 _____ C:\Users\Thomas\Downloads\no$gba-w.2.6a.zip
2013-06-23 21:07 - 2013-06-23 21:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Sun
2013-06-23 21:02 - 2013-06-23 21:01 - 00178833 _____ C:\Users\Thomas\Downloads\PkmnEmeraldRandomizer_v1.0.zip
2013-06-23 21:01 - 2013-06-23 21:00 - 06868618 _____ C:\Users\Thomas\Downloads\Pokemon Emerald.zip
2013-06-23 21:00 - 2013-06-23 21:00 - 00659797 _____ C:\Users\Thomas\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-06-23 10:28 - 2013-05-26 12:36 - 00000000 ____D C:\Program Files (x86)\StarCraft II

ZeroAccess:
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\00000004.@
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\201d3dde

ZeroAccess:
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 16:33

==================== End Of Log ============================
--- --- ---

schrauber 19.07.2013 15:37
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\n. ATTENTION! ====> ZeroAccess?
ZeroAccess:
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\00000004.@
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\201d3dde

ZeroAccess:
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


mxl 19.07.2013 20:56
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-07-2013
Ran by Thomas at 2013-07-19 21:55:44 Run:1
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c} => Moved successfully.
"C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L" => File/Directory not found.
"C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U" => File/Directory not found.
"C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L\201d3dde" => File/Directory not found.
C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c} => Moved successfully.
"C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\L" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\{43052835-0e74-b0ab-3a54-c943fa54b21c}\U" => File/Directory not found.

==== End of Fixlog ====

schrauber 20.07.2013 10:09
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mxl 20.07.2013 12:37
Code:
ComboFix 13-07-20.01 - Thomas 20.07.2013  11:32:27.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6143.3817 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Uninstall.exe
c:\program files (x86)\update.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-20 bis 2013-07-20  ))))))))))))))))))))))))))))))
.
.
2013-07-20 09:43 . 2013-07-20 09:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-19 14:01 . 2013-07-19 14:01        --------        d-----w-        C:\FRST
2013-07-19 10:12 . 2013-07-19 10:12        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2013-07-19 10:12 . 2013-07-19 10:12        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-19 10:12 . 2013-07-19 10:12        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-19 10:12 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-18 17:04 . 2013-07-18 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-07-10 10:45 . 2013-07-18 11:30        --------        d-----w-        c:\program files (x86)\World of Warcraft
2013-07-07 20:53 . 2013-07-07 20:54        --------        d-----w-        c:\programdata\eSafe
2013-07-07 20:51 . 2013-07-07 20:51        --------        d-----w-        c:\users\Thomas\AppData\Roaming\eIntaller
2013-07-07 20:47 . 2013-07-07 20:49        --------        d-----w-        c:\program files (x86)\TornTV.com
2013-07-07 18:02 . 2013-07-18 12:17        --------        d-----w-        c:\users\Thomas\AppData\Local\CrashDumps
2013-06-30 06:41 . 2013-06-30 06:41        --------        d-----w-        C:\N360_BACKUP
2013-06-30 06:37 . 2013-06-30 17:03        177312        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-30 06:37 . 2013-06-30 06:37        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2013-06-30 06:37 . 2013-06-30 06:37        --------        d-----w-        c:\program files\Symantec
2013-06-30 06:36 . 2013-07-01 10:25        --------        d-----w-        c:\windows\system32\drivers\N360x64
2013-06-30 06:36 . 2013-06-30 06:36        --------        d-----w-        c:\program files (x86)\Norton 360
2013-06-30 06:36 . 2013-06-30 06:36        --------        d-----w-        c:\program files (x86)\NortonInstaller
2013-06-29 16:57 . 2013-06-29 16:57        --------        d-----w-        c:\users\Thomas\AppData\Local\4A Games
2013-06-29 16:48 . 2013-06-30 06:45        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared
2013-06-24 14:05 . 2013-06-24 14:11        --------        d-----w-        c:\users\Thomas\AppData\Local\Darksiders
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 08:37 . 2012-05-01 02:02        281768        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-07-20 08:37 . 2012-05-01 02:01        281768        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-07-20 08:37 . 2012-05-01 02:02        282472        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-07-07 20:53 . 2011-02-19 22:03        420944        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2013-07-07 20:53 . 2011-02-18 23:40        773712        ----a-w-        c:\windows\SysWow64\msvcr100.dll
2013-06-30 15:01 . 2012-05-19 14:19        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2013-04-27 08:23 . 2013-04-27 08:23        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2013-04-09 18:53 . 2012-04-20 09:18        9424872        ----a-w-        c:\program files (x86)\ts3client_win32.exe
2013-04-09 18:53 . 2012-04-20 09:18        189928        ----a-w-        c:\program files (x86)\package_inst.exe
2013-03-25 18:33 . 2013-04-05 10:28        84        ----a-w-        c:\program files (x86)\update-bioshock_Inf.bat
2013-03-05 20:49 . 2012-04-20 09:18        399848        ----a-w-        c:\program files (x86)\_old_update.exe
2013-03-05 20:49 . 2012-10-23 15:09        187904        ----a-w-        c:\program files (x86)\QtSql4.dll
2013-03-05 20:49 . 2012-04-20 09:18        856576        ----a-w-        c:\program files (x86)\QtNetwork4.dll
2013-03-05 20:49 . 2012-04-20 09:18        8040960        ----a-w-        c:\program files (x86)\QtGui4.dll
2013-03-05 20:49 . 2012-04-20 09:18        2449408        ----a-w-        c:\program files (x86)\QtCore4.dll
2013-03-05 20:49 . 2012-04-20 09:18        180712        ----a-w-        c:\program files (x86)\error_report.exe
2012-11-03 12:57 . 2013-01-17 17:02        83        ----a-w-        c:\program files (x86)\update-Conviction.bat
2012-07-03 14:41 . 2012-06-21 21:05        168864        ----a-w-        c:\program files\Common Files\WireHelpSvc.exe
2012-06-21 17:39 . 2012-04-20 09:18        110106        ----a-w-        c:\program files (x86)\createfileassoc.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{12EE5012-C58D-703B-D69A-5A5E7467BBB3}]
2013-01-22 18:04        120832        ----a-w-        c:\programdata\Zoomex\50fed4919db46.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
2011-10-31 11:02        81920        ----a-w-        c:\program files (x86)\atube\atubeX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03        1310040        ----a-r-        c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files (x86)\atube\atubeX.dll" [2011-10-31 81920]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-05-21 127040]
"Spotify Web Helper"="c:\users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-09 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 tizekdrv;tizekdrv;c:\users\Thomas\AppData\Roaming\TZAC\tizek64.sys;c:\users\Thomas\AppData\Roaming\TZAC\tizek64.sys [x]
R3 tizeqdrv;tizeqdrv;c:\users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys;c:\users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 17:36]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 15:55]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 15:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-SP_5dec30d7 - c:\program files (x86)\ZoomEx\uninstall.exe
AddRemove-TeamSpeak 3 Client - c:\program files (x86)\uninstall.exe
AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-4240377317-2580135182-2221074664-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.INQJWIUNJ24NUEASKZWT6VLP2I"
.
[HKEY_USERS\S-1-5-21-4240377317-2580135182-2221074664-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\ts3client_win32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-20  13:36:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-20 11:36
.
Vor Suchlauf: 17 Verzeichnis(se), 478.854.938.624 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 478.444.945.408 Bytes frei
.
- - End Of File - - 96F9A4D341C48BF762128DFF59E6AA36
9C21F523E72C7EDF0A4D5F9DDDCC5E3C

schrauber 20.07.2013 19:57
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

mxl 21.07.2013 13:29
Code:
# AdwCleaner v2.306 - Datei am 21/07/2013 um 14:24:30 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Datei Desinfiziert : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\clsoft ltd
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoomex
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Zoomex
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\RavenBleuSA
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\searchresultstb
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12EE5012-C58D-703B-D69A-5A5E7467BBB3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE5012-C58D-703B-D69A-5A5E7467BBB3}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\82dfd8e53cb912
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\82dfd8e53cb912
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{12EE5012-C58D-703B-D69A-5A5E7467BBB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12EE5012-C58D-703B-D69A-5A5E7467BBB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53820F89-063F-10D7-7457-06C201F4CBF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=395049983_1052499_C411A0EC&ts=1373230290 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [13498 octets] - [21/07/2013 14:24:30]

########## EOF - C:\AdwCleaner[S1].txt - [13559 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013
Ran by Thomas (administrator) on 21-07-2013 14:38:34
Running from C:\Users\Thomas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7M\ICQ.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.175\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.33\deploy\LolClient.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7M\ICQ.exe [127040 2012-05-21] (ICQ, LLC.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1797871B-E061-4F91-8041-7DE27A1F01E0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {5A1E0467-75EB-4522-BD4B-A3E0F30AAA7D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {AB6CF7E4-1670-4E1F-8F9F-5EAB1A6C08B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {DB6A597B-B576-4AAD-A5F8-8ED658837C60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-12-02] (EasyBits Software Corp.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml
FF Extension: hdvc - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi
FF Extension: trtv3 - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.8_0
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-09-04] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-16] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-06-20] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-06-20] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-30] (Symantec Corporation)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [147472 2012-09-04] (<Turtle Entertainment>)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-06-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-06-28] (Symantec Corporation)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-06-30] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-06-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-06-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-06-30] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] ()
S3 tizekdrv; C:\Users\Thomas\AppData\Roaming\TZAC\tizek64.sys [241848 2012-05-01] ()
S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] ()
S3 tizeqdrv; C:\Users\Thomas\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 14:37 - 2013-07-21 14:37 - 00002088 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-07-21 14:31 - 2013-07-21 14:31 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 14:29 - 2013-07-21 14:29 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\Thomas\Downloads\JRT.exe
2013-07-21 14:24 - 2013-07-21 14:25 - 00013549 _____ C:\AdwCleaner[S1].txt
2013-07-21 14:23 - 2013-07-21 14:23 - 00666633 _____ C:\Users\Thomas\Downloads\adwcleaner.exe
2013-07-21 07:44 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-21 07:44 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-21 07:44 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-21 07:44 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-21 07:20 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-21 07:20 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-21 07:20 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-21 07:20 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-21 07:19 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-21 07:19 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-21 07:19 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-21 07:19 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-21 07:19 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-21 07:19 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-21 07:19 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-21 07:19 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-21 07:17 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 07:17 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 07:17 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 07:17 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 07:17 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 07:17 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-21 07:17 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-21 07:17 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 07:17 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 07:17 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-21 07:17 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-21 07:17 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 07:17 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 07:17 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 07:17 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-21 07:17 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 07:17 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 07:17 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 07:17 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 07:17 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-21 07:17 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 07:17 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 07:17 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-21 07:17 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 07:17 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-21 07:17 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-21 07:17 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 07:17 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 07:17 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 07:17 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 07:17 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-21 07:17 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 07:11 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-21 07:11 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-21 07:11 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-21 07:11 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-21 07:11 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-21 07:11 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-21 07:11 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-21 07:11 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-21 07:11 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-21 07:11 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-21 07:11 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-21 07:07 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-07-21 07:07 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-21 07:07 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-21 07:07 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-21 07:07 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-21 07:07 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-21 07:07 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-21 07:07 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-07-21 07:07 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-07-21 07:06 - 2012-10-03 19:56 - 01914248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-21 07:06 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-21 07:06 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-07-21 07:06 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-21 07:06 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-21 07:06 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-21 07:06 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-21 07:06 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-21 07:06 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-21 07:06 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-21 07:06 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-07-21 07:06 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-21 07:06 - 2012-08-22 20:12 - 00288624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-21 07:06 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-21 07:05 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 07:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 07:05 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 07:05 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 07:05 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-21 07:05 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-21 07:05 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-21 07:05 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-21 07:05 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-21 07:05 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-21 07:05 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-21 07:05 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-21 07:05 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-21 07:05 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-21 07:05 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-21 07:05 - 2012-08-24 18:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-21 07:05 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-07-21 07:04 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-21 07:04 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-21 07:04 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-21 07:04 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-21 07:04 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-21 07:04 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-21 07:04 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-21 07:04 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-21 07:04 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-21 07:04 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-21 07:03 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-21 07:03 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-21 07:02 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-07-21 07:02 - 2012-11-30 07:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-07-21 07:02 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-07-21 07:02 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-07-21 07:02 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-21 07:02 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-21 07:02 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-21 07:02 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-21 07:02 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-07-21 07:02 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-07-21 07:01 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-21 07:01 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-21 07:01 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-21 07:01 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-21 07:01 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-21 07:01 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-21 07:01 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-21 07:01 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-21 07:00 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-21 07:00 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-21 07:00 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-21 07:00 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-21 07:00 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-21 07:00 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-21 07:00 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-21 07:00 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-21 07:00 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-21 07:00 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-21 07:00 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-21 07:00 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-21 07:00 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-21 07:00 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-21 07:00 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-21 07:00 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-21 07:00 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-21 07:00 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-21 06:59 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-21 06:59 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-21 06:59 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-21 06:59 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-21 06:59 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-21 06:59 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-21 06:59 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-21 06:58 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 06:58 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 06:58 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-21 06:58 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-21 06:43 - 2013-07-21 06:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 06:43 - 2013-07-21 06:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-20 13:36 - 2013-07-20 13:36 - 00023874 _____ C:\ComboFix.txt
2013-07-20 11:29 - 2013-07-20 13:37 - 00000000 ____D C:\ComboFix
2013-07-20 11:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-20 11:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-20 11:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-20 11:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-20 11:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-20 11:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-20 11:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-20 11:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-20 11:26 - 2013-07-20 13:37 - 00000000 ____D C:\Qoobox
2013-07-20 11:25 - 2013-07-20 13:32 - 00000000 ____D C:\Windows\erdnt
2013-07-19 16:02 - 2013-07-19 16:02 - 00036261 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-07-19 16:01 - 2013-07-19 16:01 - 00000000 ____D C:\FRST
2013-07-19 16:00 - 2013-07-19 16:36 - 01778207 _____ (Farbar) C:\Users\Thomas\Downloads\frst64.exe
2013-07-19 15:57 - 2013-07-19 15:57 - 01218862 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 12:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-19 12:11 - 2013-07-19 12:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 19:04 - 2013-07-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-18 16:27 - 2013-07-18 16:27 - 00127843 _____ C:\Users\Thomas\Downloads\1311201730_special_gamefonts_pc.rar
2013-07-16 21:49 - 2013-07-13 00:03 - 00000000 ____D C:\Users\Thomas\Desktop\Demos
2013-07-16 21:40 - 2013-07-16 21:44 - 154954737 _____ C:\Users\Thomas\Downloads\Demos(4).rar
2013-07-16 19:12 - 2013-07-16 19:13 - 05487912 _____ (TeamViewer GmbH) C:\Users\Thomas\Downloads\TeamViewer_Setup_de_8.0.19617.exe
2013-07-16 19:07 - 2013-07-16 19:07 - 04179944 _____ (TeamViewer) C:\Users\Thomas\Downloads\TeamViewerQS_de.exe
2013-07-10 23:10 - 2013-07-10 23:49 - 119972102 _____ C:\Users\Thomas\Downloads\gntdn.rar
2013-07-10 12:45 - 2013-07-18 13:30 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-10 12:43 - 2013-07-10 12:45 - 83293072 _____ (Blizzard Entertainment) C:\Users\Thomas\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-10 12:26 - 2013-07-10 12:26 - 22125133 _____ C:\Users\Thomas\Downloads\Cataclysm_434.rar
2013-07-07 22:57 - 2013-07-07 23:25 - 84751212 _____ C:\Users\Thomas\Downloads\Prinz Pi - Hallo Musik.rar
2013-07-07 22:51 - 2013-07-07 22:51 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to (1).torrent
2013-07-07 22:50 - 2013-07-07 22:50 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to.torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00297968 _____ (StarApp) C:\Users\Thomas\Downloads\TorrentDownload.exe
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (2).torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (1).torrent
2013-07-07 22:48 - 2013-07-07 22:48 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP.torrent
2013-07-07 22:47 - 2013-07-07 22:47 - 00014650 _____ C:\Users\Thomas\Downloads\CFCF1B99B5C95F9C359A3739FE908A3F1A70FB08.torrent
2013-07-07 22:46 - 2013-07-07 22:46 - 00644152 _____ C:\Users\Thomas\Downloads\BitLordInstaller - Prinz Pi Hallo Musik 2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011 (1).exe
2013-07-07 22:40 - 2013-07-07 22:40 - 00014620 _____ C:\Users\Thomas\Downloads\[isoHunt] Prinz Pi Hallo Musik 2011.torrent
2013-07-07 20:02 - 2013-07-18 14:17 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2013-07-03 22:08 - 2013-07-03 22:08 - 00436249 _____ C:\Users\Thomas\Downloads\UPRandomizer-120a.zip
2013-07-03 22:07 - 2013-07-03 22:07 - 01000193 _____ C:\Users\Thomas\Downloads\VisualBoyAdvanceM1097.7z
2013-07-01 19:34 - 2013-07-01 19:34 - 00010704 _____ C:\Users\Thomas\Downloads\01_01.wma
2013-07-01 12:30 - 2013-07-01 12:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\N360_BACKUP
2013-06-30 08:37 - 2013-07-01 12:25 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-30 08:37 - 2013-06-30 19:03 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-30 08:37 - 2013-06-30 19:03 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Symantec
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 08:36 - 2013-07-01 12:25 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-06-30 08:36 - 2013-06-30 08:36 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-06-29 19:02 - 2013-06-29 19:02 - 00000000 ____D C:\Users\Thomas\Documents\4A Games
2013-06-29 18:57 - 2013-06-29 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Local\4A Games
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F}
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455}
2013-06-29 18:17 - 2013-06-30 08:38 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-06-29 18:17 - 2013-06-29 18:17 - 00915960 _____ (Symantec Corporation) C:\Users\Thomas\Downloads\Norton_Download_Manager.exe
2013-06-29 18:17 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-29 02:34 - 2013-06-29 02:34 - 00156719 _____ C:\Users\Thomas\Downloads\[kickass.to]metro.last.light.reloaded.torrent
2013-06-28 01:17 - 2013-06-28 01:17 - 00002994 _____ C:\Windows\System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48}
2013-06-28 01:11 - 2013-06-28 01:11 - 00003006 _____ C:\Windows\System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE}
2013-06-28 01:09 - 2013-06-28 01:09 - 00002936 _____ C:\Windows\System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335}
2013-06-28 01:05 - 2013-06-28 01:05 - 00002994 _____ C:\Windows\System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25}
2013-06-28 01:01 - 2013-06-28 01:01 - 00003006 _____ C:\Windows\System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124}
2013-06-28 01:00 - 2013-06-28 01:00 - 00003006 _____ C:\Windows\System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB}
2013-06-28 00:59 - 2013-06-28 00:59 - 00002994 _____ C:\Windows\System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA}
2013-06-28 00:56 - 2013-06-28 00:56 - 00003006 _____ C:\Windows\System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D}
2013-06-28 00:55 - 2013-06-28 00:55 - 00002994 _____ C:\Windows\System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE}
2013-06-28 00:54 - 2013-06-28 00:54 - 00002994 _____ C:\Windows\System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98}
2013-06-28 00:53 - 2013-06-28 00:53 - 00002994 _____ C:\Windows\System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084}
2013-06-28 00:51 - 2013-06-28 00:51 - 00002994 _____ C:\Windows\System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C}
2013-06-28 00:43 - 2013-06-28 00:43 - 00002994 _____ C:\Windows\System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37}
2013-06-27 10:00 - 2013-06-27 10:00 - 12228373 _____ C:\Users\Thomas\Downloads\d3d9.zip
2013-06-27 09:57 - 2013-06-27 09:58 - 04241280 _____ (Dll-Files.com                                              ) C:\Users\Thomas\Downloads\dffsetup-d3d9.exe
2013-06-24 16:05 - 2013-06-24 16:11 - 00000000 ____D C:\Users\Thomas\AppData\Local\Darksiders
2013-06-23 21:10 - 2013-06-23 21:10 - 00158243 _____ C:\Users\Thomas\Downloads\no$gba-w.2.6a.zip
2013-06-23 21:07 - 2013-06-23 21:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Sun
2013-06-23 21:01 - 2013-06-23 21:02 - 00178833 _____ C:\Users\Thomas\Downloads\PkmnEmeraldRandomizer_v1.0.zip
2013-06-23 21:00 - 2013-06-23 21:01 - 06868618 _____ C:\Users\Thomas\Downloads\Pokemon Emerald.zip
2013-06-23 21:00 - 2013-06-23 21:00 - 00659797 _____ C:\Users\Thomas\Downloads\VisualBoyAdvance-1.8.0-beta3.zip

==================== One Month Modified Files and Folders =======

2013-07-21 14:38 - 2012-05-19 19:24 - 00000000 ____D C:\Users\Thomas\AppData\Local\PMB Files
2013-07-21 14:37 - 2013-07-21 14:37 - 00002088 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-07-21 14:35 - 2012-05-01 00:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 14:34 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 14:34 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 14:31 - 2013-07-21 14:31 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 14:31 - 2010-12-02 02:12 - 01862831 _____ C:\Windows\WindowsUpdate.log
2013-07-21 14:30 - 2012-11-09 17:55 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA.job
2013-07-21 14:29 - 2013-07-21 14:29 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\Thomas\Downloads\JRT.exe
2013-07-21 14:26 - 2013-02-10 02:00 - 00020430 _____ C:\Windows\setupact.log
2013-07-21 14:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 14:25 - 2013-07-21 14:24 - 00013549 _____ C:\AdwCleaner[S1].txt
2013-07-21 14:24 - 2012-11-09 17:56 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-21 14:24 - 2012-04-30 23:14 - 00001174 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 14:24 - 2012-04-30 23:14 - 00000987 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-21 14:23 - 2013-07-21 14:23 - 00666633 _____ C:\Users\Thomas\Downloads\adwcleaner.exe
2013-07-21 14:23 - 2010-12-02 02:37 - 00654372 _____ C:\Windows\system32\perfh007.dat
2013-07-21 14:23 - 2010-12-02 02:37 - 00129986 _____ C:\Windows\system32\perfc007.dat
2013-07-21 14:23 - 2009-07-14 07:13 - 01499844 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 14:20 - 2012-05-01 01:32 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ICQ
2013-07-21 14:19 - 2013-02-10 01:19 - 00066304 _____ C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 14:19 - 2012-04-30 23:14 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-21 14:19 - 2012-04-30 23:14 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-21 14:17 - 2013-02-11 17:44 - 02898296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 14:15 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 14:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 14:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 07:30 - 2012-12-10 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-21 07:30 - 2012-05-12 10:39 - 01525886 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-21 06:43 - 2013-07-21 06:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 06:43 - 2013-07-21 06:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-20 18:49 - 2012-10-01 19:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
2013-07-20 18:48 - 2012-05-01 00:04 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\TS3Client
2013-07-20 18:24 - 2012-05-19 19:24 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-20 13:41 - 2012-05-01 04:02 - 00282472 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-20 13:41 - 2012-05-01 04:01 - 00282472 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-20 13:37 - 2013-07-20 11:29 - 00000000 ____D C:\ComboFix
2013-07-20 13:37 - 2013-07-20 11:26 - 00000000 ____D C:\Qoobox
2013-07-20 13:37 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-20 13:36 - 2013-07-20 13:36 - 00023874 _____ C:\ComboFix.txt
2013-07-20 13:32 - 2013-07-20 11:25 - 00000000 ____D C:\Windows\erdnt
2013-07-20 13:20 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-20 12:30 - 2012-11-09 17:55 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core.job
2013-07-20 11:56 - 2012-12-11 16:51 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-07-20 11:45 - 2013-02-11 17:44 - 00471136 _____ C:\Windows\PFRO.log
2013-07-20 10:37 - 2012-05-01 04:02 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-20 10:01 - 2012-04-30 23:57 - 00000000 ____D C:\ProgramData\Xfire
2013-07-19 23:50 - 2012-04-30 23:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Xfire
2013-07-19 16:36 - 2013-07-19 16:00 - 01778207 _____ (Farbar) C:\Users\Thomas\Downloads\frst64.exe
2013-07-19 16:02 - 2013-07-19 16:02 - 00036261 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-07-19 16:01 - 2013-07-19 16:01 - 00000000 ____D C:\FRST
2013-07-19 15:57 - 2013-07-19 15:57 - 01218862 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-07-19 13:13 - 2012-08-13 17:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Spotify
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 12:12 - 2013-07-19 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 12:12 - 2013-07-19 12:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-19 00:05 - 2012-05-01 00:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 19:05 - 2013-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-18 16:27 - 2013-07-18 16:27 - 00127843 _____ C:\Users\Thomas\Downloads\1311201730_special_gamefonts_pc.rar
2013-07-18 14:17 - 2013-07-07 20:02 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2013-07-18 13:30 - 2013-07-10 12:45 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-18 00:03 - 2012-05-07 18:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\mIRC
2013-07-17 23:53 - 2012-05-07 18:41 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-07-16 21:44 - 2013-07-16 21:40 - 154954737 _____ C:\Users\Thomas\Downloads\Demos(4).rar
2013-07-16 19:13 - 2013-07-16 19:12 - 05487912 _____ (TeamViewer GmbH) C:\Users\Thomas\Downloads\TeamViewer_Setup_de_8.0.19617.exe
2013-07-16 19:07 - 2013-07-16 19:07 - 04179944 _____ (TeamViewer) C:\Users\Thomas\Downloads\TeamViewerQS_de.exe
2013-07-15 12:25 - 2012-11-09 17:55 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001UA
2013-07-15 12:25 - 2012-11-09 17:55 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4240377317-2580135182-2221074664-1001Core
2013-07-13 00:03 - 2013-07-16 21:49 - 00000000 ____D C:\Users\Thomas\Desktop\Demos
2013-07-10 23:49 - 2013-07-10 23:10 - 119972102 _____ C:\Users\Thomas\Downloads\gntdn.rar
2013-07-10 12:45 - 2013-07-10 12:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Thomas\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-07-10 12:26 - 2013-07-10 12:26 - 22125133 _____ C:\Users\Thomas\Downloads\Cataclysm_434.rar
2013-07-09 22:22 - 2012-08-13 17:03 - 00000000 ____D C:\Users\Thomas\AppData\Local\Spotify
2013-07-07 23:25 - 2013-07-07 22:57 - 84751212 _____ C:\Users\Thomas\Downloads\Prinz Pi - Hallo Musik.rar
2013-07-07 22:52 - 2012-05-15 16:24 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\BitTorrent
2013-07-07 22:51 - 2013-07-07 22:51 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to (1).torrent
2013-07-07 22:50 - 2013-07-07 22:50 - 00021610 _____ C:\Users\Thomas\Downloads\-Prinz&nbsp;Pi&nbsp;-&nbsp;Hallo&nbsp;Musik&nbsp;Akustik&nbsp;Live-MAG-DVD-DE-2012-YSP.found.on.www.byte.to.torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00297968 _____ (StarApp) C:\Users\Thomas\Downloads\TorrentDownload.exe
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (2).torrent
2013-07-07 22:49 - 2013-07-07 22:49 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP (1).torrent
2013-07-07 22:48 - 2013-07-07 22:48 - 00021676 _____ C:\Users\Thomas\Downloads\[torrent.cd].Prinz_Pi_-_Hallo_Musik_Akustik_Live-MAG-DVD-DE-2012-YSP.torrent
2013-07-07 22:47 - 2013-07-07 22:47 - 00014650 _____ C:\Users\Thomas\Downloads\CFCF1B99B5C95F9C359A3739FE908A3F1A70FB08.torrent
2013-07-07 22:46 - 2013-07-07 22:46 - 00644152 _____ C:\Users\Thomas\Downloads\BitLordInstaller - Prinz Pi Hallo Musik 2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011.exe
2013-07-07 22:46 - 2013-07-07 22:46 - 00261456 _____ C:\Users\Thomas\Downloads\Prinz_Pi_Hallo_Musik_2011 (1).exe
2013-07-07 22:40 - 2013-07-07 22:40 - 00014620 _____ C:\Users\Thomas\Downloads\[isoHunt] Prinz Pi Hallo Musik 2011.torrent
2013-07-03 22:08 - 2013-07-03 22:08 - 00436249 _____ C:\Users\Thomas\Downloads\UPRandomizer-120a.zip
2013-07-03 22:07 - 2013-07-03 22:07 - 01000193 _____ C:\Users\Thomas\Downloads\VisualBoyAdvanceM1097.7z
2013-07-01 19:34 - 2013-07-01 19:34 - 00010704 _____ C:\Users\Thomas\Downloads\01_01.wma
2013-07-01 12:30 - 2013-07-01 12:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-07-01 12:25 - 2013-06-30 08:37 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-01 12:25 - 2013-06-30 08:36 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-06-30 19:03 - 2013-06-30 08:37 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-30 19:03 - 2013-06-30 08:37 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-30 17:01 - 2013-04-02 14:36 - 00001161 _____ C:\Windows\LkmdfCoInst.log
2013-06-30 17:01 - 2012-05-19 16:19 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-30 08:51 - 2012-05-12 10:39 - 00001912 _____ C:\Windows\epplauncher.mif
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\N360_BACKUP
2013-06-30 08:38 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-06-30 08:38 - 2010-12-02 02:47 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Symantec
2013-06-30 08:37 - 2013-06-30 08:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 08:36 - 2013-06-30 08:36 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-06-29 19:02 - 2013-06-29 19:02 - 00000000 ____D C:\Users\Thomas\Documents\4A Games
2013-06-29 18:57 - 2013-06-29 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Local\4A Games
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{1B624F83-E6F3-4843-A760-F6380B4B214F}
2013-06-29 18:48 - 2013-06-29 18:48 - 00002972 _____ C:\Windows\System32\Tasks\{16A6CAEA-2E76-406C-900F-064FCEE11455}
2013-06-29 18:17 - 2013-06-29 18:17 - 00915960 _____ (Symantec Corporation) C:\Users\Thomas\Downloads\Norton_Download_Manager.exe
2013-06-29 18:17 - 2013-06-29 18:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-29 02:34 - 2013-06-29 02:34 - 00156719 _____ C:\Users\Thomas\Downloads\[kickass.to]metro.last.light.reloaded.torrent
2013-06-28 01:17 - 2013-06-28 01:17 - 00002994 _____ C:\Windows\System32\Tasks\{919192AE-2B82-4672-84ED-4F0B300EC2A9}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{CD6A54F4-1D52-4014-AC68-9D317A05E377}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{5B91C125-B450-4E29-9851-F70F76C130BD}
2013-06-28 01:15 - 2013-06-28 01:15 - 00002998 _____ C:\Windows\System32\Tasks\{1AE1C097-21B6-4F7D-AACD-52E7D3F37C48}
2013-06-28 01:11 - 2013-06-28 01:11 - 00003006 _____ C:\Windows\System32\Tasks\{E9C8BB16-3278-45AF-B83B-10BDCFC219EE}
2013-06-28 01:09 - 2013-06-28 01:09 - 00002936 _____ C:\Windows\System32\Tasks\{8D938569-FD2F-47BE-963B-2C9E800CC5A8}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{7A265765-3807-4542-A510-89E7F613B51B}
2013-06-28 01:08 - 2013-06-28 01:08 - 00003006 _____ C:\Windows\System32\Tasks\{4B058D46-4E13-42AA-A958-47C57A55EB2D}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{9EFDB496-3F35-4201-94FC-0C21DBA3B8AD}
2013-06-28 01:08 - 2013-06-28 01:08 - 00002948 _____ C:\Windows\System32\Tasks\{7C0C073B-EF12-4E9E-AFDC-0230BBDAF335}
2013-06-28 01:05 - 2013-06-28 01:05 - 00002994 _____ C:\Windows\System32\Tasks\{D44CEBB5-5D6D-4A31-ABCB-D858F1068CF1}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{DBBECB5E-92C1-4F69-A453-294BBE75BE4A}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{9D2E3F92-3C44-4C34-BCB7-B53FF4011EAC}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{8F52A8C5-B29D-42A9-B9EB-A0D204FA21D7}
2013-06-28 01:02 - 2013-06-28 01:02 - 00003006 _____ C:\Windows\System32\Tasks\{3007051E-A6AD-4856-B51E-E5047D05BE25}
2013-06-28 01:01 - 2013-06-28 01:01 - 00003006 _____ C:\Windows\System32\Tasks\{7A2D8C2C-3DBB-4BE5-B7DD-AAE8D5E03124}
2013-06-28 01:00 - 2013-06-28 01:00 - 00003006 _____ C:\Windows\System32\Tasks\{C2FB6E04-D7A2-4AB5-8F34-69601B1C3ECB}
2013-06-28 00:59 - 2013-06-28 00:59 - 00002994 _____ C:\Windows\System32\Tasks\{6E78D882-B5AF-4FFD-8A61-470E12A4DB6C}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{D98A728C-9280-4150-8140-246856147BF1}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{63522A55-1FF7-407D-9424-93010766DB64}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{31CF1282-D6DB-4D97-9037-4A00E1E676AF}
2013-06-28 00:57 - 2013-06-28 00:57 - 00003006 _____ C:\Windows\System32\Tasks\{00D7E840-C0EF-4BCB-AF65-9F0E0D638EFA}
2013-06-28 00:56 - 2013-06-28 00:56 - 00003006 _____ C:\Windows\System32\Tasks\{4B7ADB9A-9409-4BC4-94DF-6364C4B3389D}
2013-06-28 00:55 - 2013-06-28 00:55 - 00002994 _____ C:\Windows\System32\Tasks\{B6B47F50-62CD-4F5F-AD2A-B9AFD1D25F96}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{DE3201B3-5506-4309-8B7D-8C5D5C43AACC}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D59F5E6C-E026-45CF-A6A5-EE285B4651E3}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{D3A55335-6357-4820-8290-BEDFDCD19779}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{BB21EA02-8F78-42FB-BDAB-D8F52AE12437}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{AC27E048-A0D5-44A2-BCB5-2C6E240B1D39}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{6D8E6FC0-2DEA-4C3E-AA72-953C10BC3BBD}
2013-06-28 00:54 - 2013-06-28 00:54 - 00003006 _____ C:\Windows\System32\Tasks\{655A8288-41C6-4CC3-A365-1FCF3A6243BE}
2013-06-28 00:54 - 2013-06-28 00:54 - 00002994 _____ C:\Windows\System32\Tasks\{6195DA7A-9123-4002-B8D4-BE995932FC98}
2013-06-28 00:53 - 2013-06-28 00:53 - 00002994 _____ C:\Windows\System32\Tasks\{332D1F18-3C9B-43ED-8CDB-1BB11E9CC084}
2013-06-28 00:51 - 2013-06-28 00:51 - 00002994 _____ C:\Windows\System32\Tasks\{31E78281-B712-40C6-9CA9-34B259C9653C}
2013-06-28 00:43 - 2013-06-28 00:43 - 00002994 _____ C:\Windows\System32\Tasks\{E764AAB2-291F-48CD-B5BD-C0F074FABA37}
2013-06-27 10:00 - 2013-06-27 10:00 - 12228373 _____ C:\Users\Thomas\Downloads\d3d9.zip
2013-06-27 09:58 - 2013-06-27 09:57 - 04241280 _____ (Dll-Files.com                                              ) C:\Users\Thomas\Downloads\dffsetup-d3d9.exe
2013-06-24 16:11 - 2013-06-24 16:05 - 00000000 ____D C:\Users\Thomas\AppData\Local\Darksiders
2013-06-24 00:41 - 2012-05-01 00:49 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-23 21:10 - 2013-06-23 21:10 - 00158243 _____ C:\Users\Thomas\Downloads\no$gba-w.2.6a.zip
2013-06-23 21:07 - 2013-06-23 21:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Sun
2013-06-23 21:02 - 2013-06-23 21:01 - 00178833 _____ C:\Users\Thomas\Downloads\PkmnEmeraldRandomizer_v1.0.zip
2013-06-23 21:01 - 2013-06-23 21:00 - 06868618 _____ C:\Users\Thomas\Downloads\Pokemon Emerald.zip
2013-06-23 21:00 - 2013-06-23 21:00 - 00659797 _____ C:\Users\Thomas\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-06-23 10:28 - 2013-05-26 12:36 - 00000000 ____D C:\Program Files (x86)\StarCraft II

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 16:33

==================== End Of Log ============================
--- --- ---


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.9 (07.20.2013:3)
OS: Windows 7 Home Premium x64
Ran by Thomas on 21.07.2013 at 14:31:17,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1797871B-E061-4F91-8041-7DE27A1F01E0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1797871B-E061-4F91-8041-7DE27A1F01E0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2013 at 14:37:52,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 21.07.2013 15:18
Supi, noch nen Onlinescan und wir sollten fast durch sein :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27