| |
| |||||||
Log-Analyse und Auswertung: Verseuchter Laptop Windows 8 64 bit versionWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.05.2013, 19:58
| #1 |
 |  Verseuchter Laptop Windows 8 64 bit version Hallo kompetentes Trojaner-Board Team, ich habe seit einer E-Mail einer bekannten massive PC-Probleme: -Leistungsverlust, -hoher konstanter Netzwerktraffic, -mein Laptop hatte danach 5 anonyme Benutzer zusätzlich, habe diese sofort gelöscht da nur ich den Laptop benutze -komische Prozesse seither gestartet im TaskManager u.a UIwebbrowseragent Bin eigentlich mit Windows und Virenentfernung gut vertraut habe auch schon zig Systeme gerettet, nur habe ich sowies aussieht endlich mal ein böses Ding erwischt. Spybot z.b. hatt 6 aktive rootkits , gefunden die ich nichtmal mit Spybot entfernen kann. Will nicht wissen wieviele Viren damit getarnt werden  Habe Kaspersky, Norton und Mbar, Hijackthis laufen lassen aber bekomme die Biester nicht weg. Anbei erstmal die defogger log : defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:44 on 24/05/2013 (dennis) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Bin mit meinem Latein am Ende hoffe Ihr könnt mir noch helfen. Mit freundlichen Grüßen Dennis |
|
24.05.2013, 20:26
| #2 |
| /// TB-Ausbilder  | Verseuchter Laptop Windows 8 64 bit version Wie wärs wenn du uns mal alle Logfiles zeigst?
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
24.05.2013, 20:41
| #3 |
| | Verseuchter Laptop Windows 8 64 bit version So nun nach den Scans kann ich die Logs nun posten:
__________________OTL : OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.05.2013 21:35:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dennis\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,82 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 75,49% Memory free 9,01 Gb Paging File | 7,13 Gb Available in Paging File | 79,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 678,33 Gb Total Space | 537,83 Gb Free Space | 79,29% Space Free | Partition Type: NTFS Computer Name: DENNIS | User Name: dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.24 20:20:38 | 000,050,477 | ---- | M] () -- C:\Users\dennis\Downloads\Defogger.exe PRC - [2013.05.24 20:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dennis\Downloads\OTL.exe PRC - [2013.04.05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.11.09 02:46:30 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe PRC - [2012.09.10 16:22:32 | 000,872,048 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe PRC - [2012.08.21 12:36:54 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2012.08.21 12:36:52 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2012.08.21 12:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2012.07.31 01:04:06 | 000,533,056 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2012.07.27 17:16:32 | 002,415,760 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe PRC - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.07.13 01:01:12 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe PRC - [2012.07.13 01:01:10 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.24 20:20:38 | 000,050,477 | ---- | M] () -- C:\Users\dennis\Downloads\Defogger.exe MOD - [2013.05.17 14:29:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll MOD - [2013.03.15 07:53:06 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll MOD - [2013.01.09 16:23:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll MOD - [2013.01.09 16:22:50 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll MOD - [2013.01.09 16:22:47 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.07.31 01:04:34 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2012.07.13 01:01:12 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe MOD - [2012.07.13 01:01:10 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.29 16:22:36 | 000,208,384 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\SysNative\AdminService.exe -- (AtherosSvc) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.05.14 21:40:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.01 21:04:34 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.12.08 02:11:06 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.09 02:46:30 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.09.04 21:56:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.09.04 21:37:14 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService) SRV - [2012.08.21 12:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012.07.31 21:20:26 | 000,659,600 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2012.07.31 03:16:42 | 000,466,064 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService) SRV - [2012.07.31 01:04:16 | 000,259,136 | ---- | M] (NTI Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2012.07.27 17:16:32 | 002,415,760 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.07.13 11:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.07.12 05:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2012.07.04 10:17:08 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe -- (CLKMSVC10_96E434EB) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.24 18:23:39 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.30 21:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.30 21:18:06 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.28 19:45:20 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.28 19:45:20 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.21 20:15:34 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\SymDS64.sys -- (SymDS) DRV:64bit: - [2013.01.17 22:15:24 | 000,044,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LGSUsbFilt.sys -- (LGSUsbFilt) DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.08 02:11:01 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.15 20:45:14 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\SymELAM.sys -- (SymELAM) DRV:64bit: - [2012.11.15 20:22:02 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.15 20:18:04 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.11.13 03:38:33 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.01 15:07:32 | 001,982,768 | ---- | M] (TamoSoft) [CommView] Atheros AR9271 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ts_arnusbx.sys -- (ts_arnusb) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.04 21:37:14 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.02 13:36:34 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2012.08.02 13:36:34 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2012.08.02 13:36:34 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.09 13:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.04 23:44:48 | 000,446,840 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2012.07.04 04:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.06.21 23:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C) DRV:64bit: - [2012.06.19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.13 15:14:36 | 001,206,504 | ---- | M] (TamoSoft) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ts_arusbx.sys -- (ts_arusb) DRV:64bit: - [2010.07.09 05:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\86AF.tmp -- (MEMSWEEP2) DRV - [2013.05.24 12:06:22 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130524.003\ex64.sys -- (NAVEX15) DRV - [2013.05.24 12:06:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.05.24 12:06:22 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220) DRV - [2013.05.24 12:06:22 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130524.003\eng64.sys -- (NAVENG) DRV - [2013.05.23 17:02:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130523.001\IDSviA64.sys -- (IDSVia64) DRV - [2013.05.15 01:00:30 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130515.001\BHDrvx64.sys -- (BHDrvx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE:64bit: - HKLM\..\SearchScopes\{595B4868-2D76-4051-944A-279993CBA921}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=4081941635884217&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {CBD4ACCD-AF02-4FA4-B623-F591CAB8C432} IE - HKLM\..\SearchScopes\{595B4868-2D76-4051-944A-279993CBA921}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=4081941635884217&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {CBD4ACCD-AF02-4FA4-B623-F591CAB8C432} IE - HKCU\..\SearchScopes\{0C2A0134-3BED-4F21-B880-0CFCC104F8E5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=184EA20D-A846-4B22-A7E2-E5BBB5949D45&apn_sauid=D924D033-B524-4C81-A9C6-C828DCC624B8 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=4081941635884217&q={searchTerms} IE - HKCU\..\SearchScopes\{CBD4ACCD-AF02-4FA4-B623-F591CAB8C432}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN74676148248485455&UM=2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search" FF - prefs.js..browser.search.defaultthis.engineName: "Google" FF - prefs.js..browser.search.defaulturl: "Google.de" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Norton Safe Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013.05.24 18:24:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013.05.24 18:32:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.17 15:40:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 00:40:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.17 18:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dennis\AppData\Roaming\mozilla\Extensions [2013.05.17 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dennis\AppData\Roaming\mozilla\Firefox\Profiles\51lkmtki.default\extensions [2013.05.24 17:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dennis\AppData\Roaming\mozilla\Firefox\Profiles\s1f2m1ki.default\extensions [2013.05.17 19:12:24 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\dennis\AppData\Roaming\mozilla\firefox\profiles\51lkmtki.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.05.24 18:39:48 | 000,002,482 | ---- | M] () -- C:\Users\dennis\AppData\Roaming\mozilla\firefox\profiles\s1f2m1ki.default\searchplugins\safesearch.xml [2013.05.17 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.05.17 18:39:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.24 18:32:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\COFFPLGN [2013.05.24 18:24:13 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPLGN ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Docs = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SiteAdvisor = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: Google Mail = C:\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.19 00:42:29 | 000,445,760 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15307 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\ipsbho.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe" File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [ROCCAT Savu Gaming Mouse] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingE3387] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [SpybotDeletingE5259] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [SpybotDeletingF7015] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - HKCU..\RunOnce: [SpybotDeletingF7950] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1552E2AF-04A6-45B6-A59E-BAABBA10CA14}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41F4020E-51BF-4FB0-912B-19FDE9120017}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{1fafc16d-9a38-11e2-bf02-4c72b993a0f0}\Shell - "" = AutoRun O33 - MountPoints2\{1fafc16d-9a38-11e2-bf02-4c72b993a0f0}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 19:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.24 18:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Registry Recycler [2013.05.24 18:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Recycler [2013.05.24 18:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Recycler [2013.05.24 18:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer [2013.05.24 18:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer [2013.05.24 18:23:39 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.05.24 18:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.05.24 18:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.05.24 18:22:57 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys [2013.05.24 18:22:57 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymELAM.sys [2013.05.24 18:22:56 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymEFA64.sys [2013.05.24 18:22:56 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys [2013.05.24 18:22:56 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymDS64.sys [2013.05.24 18:22:56 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Ironx64.sys [2013.05.24 18:22:56 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys [2013.05.24 18:22:55 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccSetx64.sys [2013.05.24 18:21:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2013.05.24 18:21:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403010.016 [2013.05.24 18:21:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2013.05.24 18:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2013.05.24 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.05.24 17:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2013.05.24 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013.05.23 20:50:45 | 000,000,000 | ---D | C] -- C:\Users\dennis\RETrOSHARE DOWNLOADS [2013.05.23 18:46:15 | 000,000,000 | ---D | C] -- C:\Users\dennis\Desktop\RetroshARE [2013.05.23 18:41:18 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RetroShare [2013.05.23 18:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RetroShare [2013.05.23 18:41:15 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Roaming\RetroShare [2013.05.23 18:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RetroShare [2013.05.23 18:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tcpfile [2013.05.22 15:19:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.20 23:44:08 | 000,000,000 | ---D | C] -- C:\Users\dennis\Desktop\Musik [2013.05.20 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\dennis\Desktop\Best of Summer [2013.05.17 03:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.17 00:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.05.17 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.05.16 21:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013.05.16 21:39:43 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Local\Conduit [2013.05.16 21:33:56 | 000,081,536 | ---- | C] (Conduit) -- C:\ministub.exe [2013.05.16 21:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit [2013.05.16 10:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2013.05.16 10:42:59 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Local\eMule [2013.05.16 10:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule [2013.05.16 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule [2013.05.16 02:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2013.05.16 01:34:00 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Roaming\FFP [2013.05.16 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Roaming\TFP [2013.05.16 00:44:57 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe [2013.05.16 00:44:49 | 000,000,000 | ---D | C] -- C:\Users\dennis\AppData\Roaming\FreeFLVConverter [2013.05.16 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\dennis\dwhelper [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.24 20:44:14 | 000,000,000 | ---- | M] () -- C:\Users\dennis\defogger_reenable [2013.05.24 20:40:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.24 19:25:03 | 000,003,344 | ---- | M] () -- C:\{7BCD4120-C69E-4398-888E-C6C2B5425867} [2013.05.24 19:17:22 | 000,000,504 | ---- | M] () -- C:\Windows\wininit.ini [2013.05.24 18:45:56 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Registry Recycler Scheduled Scan - dennis.job [2013.05.24 18:45:54 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Registry Recycler.lnk [2013.05.24 18:42:50 | 000,000,972 | ---- | M] () -- C:\Users\dennis\Desktop\NTREGOPT.lnk [2013.05.24 18:28:46 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.24 18:28:46 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.24 18:28:46 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.24 18:28:46 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.24 18:28:46 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.24 18:25:42 | 002,380,629 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.05.24 18:23:39 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.05.24 18:23:39 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.05.24 18:23:39 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.05.24 18:23:28 | 000,002,537 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2013.05.24 18:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 18:20:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.24 18:20:05 | 2424,528,895 | -HS- | M] () -- C:\hiberfil.sys [2013.05.24 18:19:23 | 003,932,160 | -HS- | M] () -- C:\Users\dennis\ntuser.bak [2013.05.23 18:10:36 | 000,172,592 | ---- | M] () -- C:\Users\dennis\Desktop\Screenshot (2).png [2013.05.17 14:15:03 | 000,322,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.17 03:33:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.17 00:36:44 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.16 21:42:37 | 000,000,009 | ---- | M] () -- C:\END [2013.05.16 21:34:04 | 000,081,536 | ---- | M] (Conduit) -- C:\ministub.exe [2013.05.16 10:43:04 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.24 20:44:14 | 000,000,000 | ---- | C] () -- C:\Users\dennis\defogger_reenable [2013.05.24 19:25:02 | 000,003,344 | ---- | C] () -- C:\{7BCD4120-C69E-4398-888E-C6C2B5425867} [2013.05.24 18:45:56 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Registry Recycler Scheduled Scan - dennis.job [2013.05.24 18:45:54 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Registry Recycler.lnk [2013.05.24 18:42:50 | 000,000,972 | ---- | C] () -- C:\Users\dennis\Desktop\NTREGOPT.lnk [2013.05.24 18:30:05 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021 [2013.05.24 18:23:59 | 002,380,629 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.05.24 18:23:39 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.05.24 18:23:39 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.05.24 18:23:28 | 000,002,537 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2013.05.24 18:21:54 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymEFA.inf [2013.05.24 18:21:54 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymDS.inf [2013.05.24 18:21:54 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymNet.inf [2013.05.24 18:21:54 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.inf [2013.05.24 18:21:54 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.inf [2013.05.24 18:21:54 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symELAM.inf [2013.05.24 18:21:54 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccSetx64.inf [2013.05.24 18:21:54 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Iron.inf [2013.05.24 18:21:14 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymVTcer.dat [2013.05.24 18:21:13 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymELAM64.cat [2013.05.24 18:21:13 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.cat [2013.05.24 18:21:13 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnet64.cat [2013.05.24 18:21:13 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\iron.cat [2013.05.24 18:21:13 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.cat [2013.05.24 18:21:13 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymEFA64.cat [2013.05.24 18:21:13 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.cat [2013.05.24 18:21:13 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymDS64.cat [2013.05.24 18:21:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini [2013.05.23 18:10:36 | 000,172,592 | ---- | C] () -- C:\Users\dennis\Desktop\Screenshot (2).png [2013.05.17 14:14:52 | 000,322,152 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.17 03:33:57 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.17 03:33:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.17 00:36:44 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.16 21:25:51 | 000,000,009 | ---- | C] () -- C:\END [2013.05.16 10:43:04 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk [2013.05.16 00:44:56 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx [2013.05.16 00:44:56 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb [2013.05.16 00:44:49 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx [2013.05.15 22:49:06 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.01.15 06:48:42 | 000,000,504 | ---- | C] () -- C:\Windows\wininit.ini [2012.12.08 02:11:06 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.08 02:10:59 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.08 02:10:58 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.01 01:08:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.30 22:42:39 | 003,932,160 | -HS- | C] () -- C:\Users\dennis\ntuser.bak [2012.09.04 21:28:20 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.01.07 19:38:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.24 01:38:22 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\FFP [2013.05.24 01:38:22 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\FreeFLVConverter [2012.12.19 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\Leadertech [2012.11.30 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\lm [2013.03.26 01:29:17 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\QuickScan [2013.05.23 18:42:27 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\RetroShare [2013.01.24 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\SleepTimer [2013.05.24 01:38:26 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\TFP [2013.04.25 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\WildTangent [2012.12.16 02:46:19 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\Wireshark [2012.12.03 00:12:04 | 000,000,000 | ---D | M] -- C:\Users\dennis\AppData\Roaming\ZUB-Software ========== Purity Check ========== < End of report > So nun die 2. LogfileOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.05.2013 21:35:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dennis\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,82 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 75,49% Memory free
9,01 Gb Paging File | 7,13 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,33 Gb Total Space | 537,83 Gb Free Space | 79,29% Space Free | Partition Type: NTFS
Computer Name: DENNIS | User Name: dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048D0622-3D72-467C-B9D8-92C8128B01A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F2A8BED-2A95-4667-BD89-42776C38E80F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23E7104A-4489-4C30-B2AE-F39D62E358F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{333C26BC-D010-409D-82D5-BC978654E1A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F4508BD-0297-4789-B3BF-FADBEFDA3B9D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F9D5C5D-9D11-4A08-A589-D6ACC99F685F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C5E68E0-758B-4391-A74D-6DF90290BA83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50AFC921-A022-4C42-A1CC-8F525FF948BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63AF941B-6CBB-4EEE-95EC-08C337425910}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{763FE5F6-53C3-4F6F-842C-5C480773F3A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{849909DE-362F-441B-9B8A-A016A9720E6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A20C5857-C91E-411A-9666-BEB86BE57F3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA7D3071-7853-41B3-9821-CE8E5634DB8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B416BFC5-ED9C-4C8A-AFA8-249E1256A135}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B844071E-7329-4343-B540-4D4E8F1282E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DACF135D-D0DF-438C-BA31-E6733C07F149}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB6600F9-2BF3-4856-BBFB-42BC1CEAC860}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{F1AC5008-5B55-48F8-B1A1-D913870A6564}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F42EAFC2-8016-473E-A571-A235DACCBCB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F0421C-0C40-47F7-AF83-A5CCACEC2259}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{015D70C6-FABB-4709-B1CC-1D6E4ABBF035}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{035A022B-96E8-4EC3-8A26-3145EFFDC484}" = dir=out | name=fresh paint |
"{0A514500-5345-44B6-AA84-7C500F4E9917}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A863D49-AC5D-4414-8E7A-3D9598AE3090}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{102FE53D-59CC-47EF-9981-82F7119C7664}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe |
"{13136AE1-A530-40D2-A402-4FF429202799}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{15E05A86-A2EC-4AFE-B26E-A98B72922CD6}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{16CA4FA1-769E-42D7-BDD7-3AC76A1DFF47}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{18FF345F-C462-4338-A7D8-1C770C6D0E69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B72CEDA-053E-4F24-B919-C9C7AFA5D436}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{247B9CC9-A4B3-4B27-9A21-45B55BDECCBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BB24641-3EB2-477D-836F-FEF1C03B6B62}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{2C5674B8-4780-498D-AE30-4EC585C1D932}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{2DA9EA94-6BA2-46EA-9EF0-03FF4D7AF06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{30DD5D2A-C77F-460A-B410-838472765711}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{3410A309-6675-4E08-9DCF-A8ACF24960E9}" = dir=out | name=microsoft solitaire collection |
"{37256BA6-B057-4643-B586-647A892982D5}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3D3B34AE-8DF1-47A8-B1B7-DAF57D99183A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3FF11988-CF2A-42CF-9D56-D1B0824CA656}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45A9B814-F007-4B07-80CD-86C47E80CB5D}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4C0FAC39-C141-4FD5-9E66-1666DC09AB12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50DF407A-FA60-48DA-8C31-D5AD9B4106C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52BA1D04-6550-45DD-B616-3BCB1237BFA7}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{52F5D426-10BA-47FE-8B22-2D3926548AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{53A04DFA-41F0-4C81-92F4-2F5D7E93A787}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{55ED5CB1-CE1B-4379-9557-441C39F8F2DB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{59008103-5DF0-4F44-B22E-7EC04634C7D0}" = dir=out | name=skitch |
"{5991D6A4-D1C9-433C-B67D-6140B67F5D55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C2463C8-1AF2-4529-A232-8FA7B8162C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C87D7E7-8F40-477D-8499-035F1FAB09D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{62638D69-ED8C-4D12-806D-6AFA41AE0579}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{637D8753-A1D2-4743-9FF5-950C003DA70F}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{6480891B-B391-4333-991F-8E30911CE394}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{6599BFBB-F1DB-4830-AD44-63B87F210A8E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{66783591-81B8-4E8B-BB8F-2B85FDFC232E}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{6CB4B5F6-1AD6-4AED-8CEE-47A20B525654}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{6D52B4BE-C823-4CF2-8DCF-218B247B038A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6DCABC1B-3BA6-4F01-B0BC-038C61E4154B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F72C29B-1FF6-4A04-942E-82DE55C7D5E5}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{71722C20-B313-42FB-B591-A03090142A17}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{7549263E-77B7-49A4-B0AE-3EED7FE64AAF}" = dir=out | name=microsoft minesweeper |
"{75664F81-512A-4C05-9DD5-829B30001371}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{77971AC8-881D-4451-AB5D-C9DE831AA052}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{7F5D0BF1-89DE-4DAC-ABB7-3BE2BDF4229A}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{86F3228E-0DF0-4C0A-8B4A-35A70603933E}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{8A448097-7B1E-4B8D-A4CD-2B310374AE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (iv) the last revelation\tomb4.exe |
"{8C2ECCFC-2DD4-4DFB-9F16-FDF23EBF5F90}" = dir=out | name=taptiles |
"{8D48380B-F4DD-4493-8C03-42C36333E38F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{94C30376-9F8D-4B79-A040-FA0C88421395}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{95D027C7-7E6A-458C-A6D0-F96A70DE5F4D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96BD2139-440D-4CF0-89D7-8878450BE6C6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{98DC1D2B-B0D0-4713-9F13-A9492117BC93}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{9C8229A3-92A6-415E-BC97-3BB11A086BFA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9DACA4E0-AE52-4230-ADE9-F535E2E50A8C}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A11F52EC-3935-4B4C-BAE4-896CC2AC1AC4}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A12BEF12-404A-4F8C-B799-20AFE00AFF92}" = dir=in | name=evernote |
"{A7D54AB5-4F83-4E41-B208-95A678A110B0}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{A8A811EF-198F-487F-8498-5CF91C29DD0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe |
"{AD307879-DAC1-463F-AE32-83687A79174A}" = dir=out | name=evernote |
"{AD61E865-C1A6-4386-A5BA-793E7B8C9725}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD9FCFCC-DFD3-4149-B80F-38767E7930D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{B559FFA6-9ABB-46E3-8115-29DE23CA14C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B5634AC7-B504-4926-A4A5-73C1C6486835}" = dir=in | name=acer explorer |
"{B5A5C5C3-13D1-4478-BF0B-23BE299C8872}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{B6589643-1C1B-4F3F-8657-40BDB70E7641}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe |
"{B85F700A-4AC1-433B-AA1F-A8AA1EDC945F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{BC14C4B7-CB0D-415D-A478-AD57624DD3C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCC8AF1C-AD60-47A3-8D5F-52EB6EAF703F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{BD3FE655-D8A5-4526-9D41-90F3B024948C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD8FAF3B-1638-47DD-A396-BA754B103FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{BE08BFCC-37E8-483A-9B2A-D150F1BE260D}" = dir=out | name=ebay |
"{BEAD8063-F620-4619-8858-B0A88199E2E8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{BF127584-56CE-4F86-9130-7F2FFA7A9BD4}" = dir=out | name=newsxpresso |
"{C078AC87-B0EF-48BB-9F69-58DAE460DF5E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{C122F207-6A76-4BCC-AF52-AFAEDD482C6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (iv) the last revelation\tomb4.exe |
"{C4ABE90D-9902-4B26-9127-2A0FD012C845}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{CD2439D8-9BE8-48B9-AE52-456B9845A9FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{D1097875-4F7D-4CAE-9B81-4402E3DD941C}" = dir=in | name=ebay |
"{D23EC6F5-360D-41D3-B08E-EE466744EED8}" = dir=out | name=acer crystal eye |
"{DB24A0BB-FF71-4E05-B60F-A4EFB2E59747}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E2D1B7AB-4AC0-4FD6-8D19-7BBA094CB137}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E382FFD0-186C-486E-BA0C-674EAFA8C7A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E396B59A-1E75-4EFA-A71B-E79B0FF5592E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E420B3AC-8024-45F4-B615-78CFA02D175E}" = dir=out | name=txtr reader |
"{E4C28CAC-80AA-4FBE-8A49-D024B6E8C11C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E66A8B33-F61D-48B5-959B-FC2539C2A248}" = dir=out | name=windows_ie_ac_001 |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EBE524CE-4B00-4AA3-8FCD-4347421D25E5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{F0DF5A3C-1E27-43B7-AA14-DF88596265FE}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{F5897E7D-2128-48B3-9BAE-B2A8DB4AFC4F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{F642E066-D6F1-4780-8789-8A04A3412DD9}" = dir=out | name=7digital music store |
"{F7748343-FE7D-4781-9108-A7C2CCC334ED}" = protocol=6 | dir=out | app=system |
"{F7ABE644-22D1-42DD-8035-236DFD139613}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{FA54C35B-C8FA-417A-B58B-757A27948B36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{FBF43D7B-6239-4A30-A4BA-0B22D2191657}" = dir=out | name=acer explorer |
"{FC9214DC-AF6D-4796-ADAC-26F3EA62AE46}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FDD19D8D-CF2D-489A-9022-3F1F8B11C3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{FE1DD242-BAB7-42F0-B5C9-19AD98CD3E54}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{FEF50E4A-4045-413C-AAA8-4215C47D011D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FFFEA71B-452B-4F05-B3AA-5E8C7BA0DEA0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{7845D72E-F76E-4049-9E78-B27DB778CB9F}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{A1B37724-2D78-4373-B6B7-1E73A6595584}C:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe |
"UDP Query User{71339399-C7C1-4556-B11A-C51F0F1FBBC4}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{E12D4069-AB8D-4C14-B190-167C728E140A}C:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\geeds3\counter-strike source\hl2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D32367AC-8FCA-4DE8-A2C6-037AE14B4001}" = Acer Instant Update Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0170930E-68D6-4E85-88B2-82761CDE1F94}" = DayZ Commander
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}" = Savu Mouse
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1975E3-F7AA-4424-BD43-D1DA28F78A58}" = Adobe Update Manager CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{DDF94F8B-1239-4612-A8B3-AA425F013726}" = Adobe Setup
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_bdaf081c056f11a250e72a7a345a96c" = Adobe Update Manager CS4
"BattlEye for OA" = BattlEye for OA Uninstall
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NTREGOPT_is1" = NTREGOPT 1.1j
"Registry Recycler_is1" = Registry Recycler
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Spotify" = Spotify
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 224980" = Tomb Raider: The Last Revelation
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinPcapInst" = WinPcap 4.1.2
"ZUB HELENA®_Plus_2012_is1" = ZUB HELENA® 2012 Plus
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2013 16:53:10 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.05.2013 16:53:10 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4344
Error - 17.05.2013 16:53:10 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4344
Error - 17.05.2013 16:53:11 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.05.2013 16:53:11 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5844
Error - 17.05.2013 16:53:11 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5844
Error - 17.05.2013 16:53:13 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.05.2013 16:53:13 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7360
Error - 17.05.2013 16:53:13 | Computer Name = Dennis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7360
Error - 17.05.2013 19:24:26 | Computer Name = Dennis | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ OSession Events ]
Error - 26.01.2013 11:38:44 | Computer Name = Dennis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
[ Spybot - Search and Destroy Events ]
Error - 16.05.2013 17:55:38 | Computer Name = Dennis | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 17.05.2013 10:17:17 | Computer Name = Dennis | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 17.05.2013 10:19:44 | Computer Name = Dennis | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x2000000033d67. Der Name der Datei ist "<Dateiname
kann nicht bestimmt werden>".
Error - 17.05.2013 10:20:52 | Computer Name = Dennis | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 17.05.2013 10:20:52 | Computer Name = Dennis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 17.05.2013 12:13:01 | Computer Name = Dennis | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x2000000033d67. Der Name der Datei ist "<Dateiname
kann nicht bestimmt werden>".
Error - 17.05.2013 12:20:09 | Computer Name = Dennis | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x2000000033d67. Der Name der Datei ist "<Dateiname
kann nicht bestimmt werden>".
Error - 18.05.2013 14:38:36 | Computer Name = Dennis | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 12:08:20 | Computer Name = Dennis | Source = DCOM | ID = 10010
Description =
Error - 22.05.2013 09:11:32 | Computer Name = Dennis | Source = DCOM | ID = 10010
Description =
Error - 22.05.2013 09:11:32 | Computer Name = Dennis | Source = DCOM | ID = 10010
Description =
< End of report >
Code:
ATTFilter // info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\81602.bpc"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
File:"Unknown ADS","C:\Users\All Users\Kaspersky Lab\AVP13\Report:kisextended:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP13\Report:kisextended:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\MediaPlayer\PREFERENCES\HME\","S-1-5-21-1682322521-158705993-1847856961-1002"
Geändert von Dennis29 (24.05.2013 um 21:18 Uhr) |
|
24.05.2013, 20:46
| #4 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Nicht nur die aktuellen Scans sondern auch das was du bisher z.b. mit Malwarebytes gemacht hast.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.05.2013, 21:01
| #5 |
| | Verseuchter Laptop Windows 8 64 bit version Das wären alle findbaren logs, hatte von mbar keine gespeichert lasse es aber nochmal laufen . Norton finde ich bisher keine logs, hmmm merkwürdig waren auch 7 tracking cookies gemeldet aber in Norton Zentrale steht nur 1 entfernt. Mbar log kommt die nächsten paar minuten nach  Ahhh GMER meckert bei start das : C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird! Kann somit nicht Schritt 3 weitermachen Code:
ATTFilter MBAR:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16580
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8399372288, free: 6151176192
------------ Kernel report ------------
05/24/2013 21:57:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\aPs2Kb2Hid.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\Drivers\rikvm_96E434EB.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
\SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
\SystemRoot\system32\drivers\NISx64\1403010.016\SYMNETS.SYS
\SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS
\SystemRoot\system32\drivers\NISx64\1403010.016\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130524.003\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130524.003\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130523.001\IDSvia64.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130515.001\BHDrvx64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
\??\C:\Users\dennis\AppData\Local\Temp\axloapog.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800997a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003a\
Lower Device Object: 0xfffffa8007fdd510
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xfffffa800f25cc50
Downloaded database version: v2013.05.24.07
Downloaded database version: v2013.05.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800997a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800997ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800997a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007fdd510, DeviceName: \Device\0000003a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00ae290f0, 0xfffffa800997a060, 0xfffffa8010ac6090
Lower DeviceData: 0xfffff8a021baa010, 0xfffffa8007fdd510, 0xfffffa800f25cc50
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: BA709D12
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 4102256068
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid fe9b067e-7db0-4b8f-86e0-887826ba8f7
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 4102256068
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid fe9b067e-7db0-4b8f-86e0-887826ba8f7
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID c75aef7c-e65d-4018-ac8e-34385a411e45
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 876c6c1a-8fa6-4cd3-b9ce-a951f3ae18e
FirstLBA 821248 Last LBA 1435647
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID c976041c-d2b6-4c88-9d64-72c99cfa33b5
FirstLBA 1435648 Last LBA 1697791
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID fa2f97aa-905e-4c30-9dcc-c7a497df35fa
FirstLBA 1697792 Last LBA 1424250879
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID dbee38b8-bfe7-430c-9cf9-223a2dda451
FirstLBA 1424250880 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:26:29, on 24.05.2013 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\dennis\Downloads\Defogger.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll O4 - HKLM\..\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ROCCAT Savu Gaming Mouse] "C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" /Automation O4 - HKLM\..\RunOnce: [Z1] cmd /c "C:\Users\dennis\Desktop\mbar\mbar.exe" /cleanup /s O4 - HKLM\..\RunOnce: [SpybotDeletingE5259] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp" O4 - HKLM\..\RunOnce: [SpybotDeletingE3387] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp" O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\RunOnce: [SpybotDeletingF7015] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp" O4 - HKCU\..\RunOnce: [SpybotDeletingF7950] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp" O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Lokaler Dienst') O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Netzwerkdienst') O4 - HKUS\S-1-5-21-1682322521-158705993-1847856961-1007\..\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing) O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: CyberLink Product - 2012/09/04 22:00:59 (CLKMSVC10_96E434EB) - CyberLink - C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- End of file - 12913 bytes Geändert von Dennis29 (24.05.2013 um 21:27 Uhr) |
|
24.05.2013, 21:33
| #6 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Ich seh auf deinen Logfiles gar nichts und ich habe nicht sonderlich Lust rätsel zu raten. Hat Spybot irgendwas an Logfiles erstelllt? Außerdem schreibt MBAR automatisch ein Logfile in sein Verzeichnis. Bitte nochmal suchen. Edit: Die ganzen Registrycleaner darfst du auch schon mal entfernen. Die sorgen nur für mehr Ärger.
__________________ --> Verseuchter Laptop Windows 8 64 bit version |
|
24.05.2013, 21:35
| #7 |
| | Verseuchter Laptop Windows 8 64 bit version Habe doch schon Spybot und Mbar logs schon eingefügt. |
|
24.05.2013, 21:39
| #8 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Ich meine das Logfile in dem du deine Funde hattest, die du genannt hast.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.05.2013, 21:41
| #9 |
| | Verseuchter Laptop Windows 8 64 bit version Oben, das 3. Fenster, der Rootalyzer das waren alle funde der postet nur in die Log wenn was gefunden wurde, bzw nur die Funde. So nach suchen hab ich noch genauere Daten gefunden, evtl helfen ja diese weiter Code:
ATTFilter [i] 2013-05-17 00:12:26 System Repair: Start repair broken system entries...
[+] 2013-05-17 00:13:18 System Repair: Deleted BackupManager.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted cmmgr32.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted dfshim.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted fsquirt.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted install.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted migwiz.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted MsoHtmEd.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Program Files (x86)\Acer\clear.fi SDK21\Video\.
[+] 2013-05-17 00:13:18 System Repair: Deleted setup.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted table30.exe.
[+] 2013-05-17 00:13:18 System Repair: Deleted IMTCEN14.CHM.
[+] 2013-05-17 00:13:18 System Repair: Deleted SearchProtect.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\ProgramData\EgisTec IPS\{1EBCCDAA-BFB5-46ad-88CF-0BF282D97F13}.1\LicenseCenter.xml.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\ProgramData\ZUB-Software\Database\DB_main_new.mdb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\ProgramData\ZUB-Software\Database\DB_epass_new.mdb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\ProgramData\ZUB-Software\Database\DB_kf_new.mdb.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\s1f2m1ki.default\extensions\toolbar@ask.com\plugins\npAviraCallingID.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Program Files (x86)\Ask.com\config.xml.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Program Files (x86)\Common Files\PX Storage Engine\pxwma.dll.
[+] 2013-05-17 00:13:18 System Repair: Deleted MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {A23BFC95-4A73-410F-9248-4C2B48E38C49}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {A6353E8F-5B8D-47CC-8737-DFF032ED3973}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {A6353E8F-5B8D-47CC-8737-DFF032ED3973}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}.
[+] 2013-05-17 00:13:18 System Repair: Deleted msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}.
[+] 2013-05-17 00:13:18 System Repair: Deleted C:\Program Files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe.
[i] 2013-05-17 00:13:18 System Repair: 85 broken system entries processed.
Code:
ATTFilter [i] 2013-05-17 00:11:08 Quarantäne: Starte Vernichtung der Einträge, die älter als 16.02.2013 sind...
[i] 2013-05-17 00:11:08 Quarantäne: Purged Zedo: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged WinRAR: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged WinRAR: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows.OpenWith: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows.OpenWith: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows.OpenWith: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows Media SDK: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows Media SDK: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows Media SDK: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows Explorer: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Windows Explorer: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged WebTrends live: All detected items of product - 2012-12-19 22:52:42
[i] 2013-05-17 00:11:08 Quarantäne: Purged Verlauf: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Verlauf: All detected items of product - 2013-01-15 13:17:04
[i] 2013-05-17 00:11:08 Quarantäne: Purged Verlauf: All detected items of product - 2012-12-19 22:52:45
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Wordpad: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Wordpad: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Paint: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Paint: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Office 12.0 (Word): All detected items of product - 2013-01-26 18:05:27
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Office 12.0 (Word): All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Office 12.0 (Word): All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Management Console: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Management Console: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS DirectInput: All detected items of product - 2013-01-26 18:05:27
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS DirectInput: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS DirectInput: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS DirectDraw: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS DirectDraw: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Direct3D: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged MS Direct3D: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2013-01-26 18:05:27
[i] 2013-05-17 00:11:08 Quarantäne: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2013-01-15 13:17:01
[i] 2013-05-17 00:11:08 Quarantäne: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2012-12-19 22:52:42
[i] 2013-05-17 00:11:08 Quarantäne: Purged Log: All detected items of product - 2013-01-26 18:05:27
[i] 2013-05-17 00:11:08 Quarantäne: Purged Log: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Log: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Internet Explorer: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Internet Explorer: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged DoubleClick: All detected items of product - 2012-12-19 22:52:42
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cookie: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cookie: All detected items of product - 2013-01-15 13:17:02
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cookie: All detected items of product - 2012-12-19 22:52:43
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cache: All detected items of product - 2013-01-26 18:05:28
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cache: All detected items of product - 2013-01-15 13:17:03
[i] 2013-05-17 00:11:08 Quarantäne: Purged Cache: All detected items of product - 2012-12-19 22:52:44
[i] 2013-05-17 00:11:08 Quarantäne: Purged Adobe FlashPlayer Cookies: All detected items of product - 2013-01-26 18:05:27
[i] 2013-05-17 00:11:08 Quarantäne: Vernichtung der Einträge, die älter als 16.02.2013 sind abgeschlossen.
[i] 2013-05-17 00:11:14 Quarantäne: Starte Vernichtung der Einträge, die älter als 16.02.2013 sind...
[i] 2013-05-17 00:11:14 Quarantäne: Vernichtung der Einträge, die älter als 16.02.2013 sind abgeschlossen.
[i] 2013-05-17 00:11:19 Quarantäne: Starte Vernichtung der Einträge, die älter als 16.05.2013 sind...
[i] 2013-05-17 00:11:19 Quarantäne: Purged WinRAR: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Windows: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged Windows: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Windows.OpenWith: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Windows Media SDK: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Windows Explorer: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Verlauf: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged Verlauf: All detected items of product - 2013-03-19 00:00:30
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS Paint: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS Management Console: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS Management Console: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS DirectInput: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS DirectInput: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged MS DirectDraw: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2013-03-19 00:00:22
[i] 2013-05-17 00:11:19 Quarantäne: Purged Log: All detected items of product - 2013-03-19 00:00:22
[i] 2013-05-17 00:11:19 Quarantäne: Purged Internet Explorer: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Cookie: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged Cookie: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Purged Cache: All detected items of product - 2013-03-20 09:13:54
[i] 2013-05-17 00:11:19 Quarantäne: Purged Cache: All detected items of product - 2013-03-19 00:00:23
[i] 2013-05-17 00:11:19 Quarantäne: Vernichtung der Einträge, die älter als 16.05.2013 sind abgeschlossen.
[i] 2013-05-17 00:11:26 Quarantäne: Starte Vernichtung der Einträge, die älter als 17.02.2013 sind...
[i] 2013-05-17 00:11:26 Quarantäne: Vernichtung der Einträge, die älter als 17.02.2013 sind abgeschlossen.
[i] 2013-05-17 00:11:39 Quarantäne: Starte Vernichtung der Einträge, die älter als 17.05.2013 sind...
[i] 2013-05-17 00:11:39 Quarantäne: Purged WinRAR: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Windows: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Windows.OpenWith: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Windows Media SDK: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Windows Explorer: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Win32.Downloader.gen: All detected items of product - 2013-05-16 23:55:37
[i] 2013-05-17 00:11:39 Quarantäne: Purged Win32.Downloader.gen: All detected items of product - 2013-05-16 23:55:33
[i] 2013-05-17 00:11:39 Quarantäne: Purged Verlauf: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged MS Paint: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged MS Office 12.0 (Word): All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged MS Management Console: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged MS DirectInput: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged MS DirectDraw: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Log: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged jZip.Toolbar: All detected items of product - 2013-05-16 23:55:33
[i] 2013-05-17 00:11:39 Quarantäne: Purged Internet Explorer: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged ilivid.Toolbar: All detected items of product - 2013-05-16 23:55:33
[i] 2013-05-17 00:11:39 Quarantäne: Purged Cookie: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Purged Cache: All detected items of product - 2013-05-16 23:55:34
[i] 2013-05-17 00:11:39 Quarantäne: Vernichtung der Einträge, die älter als 17.05.2013 sind abgeschlossen.
Code:
ATTFilter Search results from Spybot - Search & Destroy
22.05.2013 17:36:31
Scan took 00:22:21.
13 items found.
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1682322521-158705993-1847856961-1002\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cache: [SBI $49804B54] Browser: Cache (42) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Code:
ATTFilter RootAlyzer Quick Scan Results
Dateien im Windows-Verzeichnis
----------------------------------------
102 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================
Dateien im Systemverzeichnis
----------------------------------------
2872 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================
Systemweite Starteinträge
----------------------------------------
Keine versteckten Einträge gefunden.
========================================
Winlogon-Einträge
----------------------------------------
Keine versteckten Einträge gefunden.
========================================
Versteckte Prozesse (mittels Handles)
----------------------------------------
0 Handle-Prozess-IDs für 93 Prozesse.
Keine versteckten Prozesse entdeckt.
========================================
Versteckte Prozesse (mittels Threads)
----------------------------------------
93 Prozesse überprüft.
Keine versteckten Prozesse entdeckt.
========================================
Master Boot Records
----------------------------------------
1 MBRs überprüft.
Unbekannte MBRs: PhysicalDrive0
PhysicalDrive0
========================================
Gmer lädt nicht hmmmm, egal ob ausgeführt als Admin oder nicht. Achso hatte ich vergessen zuerwähnen heute Mittag musste ich 2 Std kämpfen um wieder ins Internet zukommen, egal ob Wlan oder per Lan ging innerhalb 2 sec spontan nichtmehr, bei mir wurde kein einziges Netzwerkgerät in der Netzwerkumgebung, trotz mehrfachen Neustart und Flügmodus an/aus wechseln, danach per lan nix ging einfach nix und im Gerätemanager mit dem gelben problem/konflikt -zeichen doch aufeinmal, zudem wurden auch zusätzliche Netzwerkgeräte angezeigt, die ich nie installiert habe. hatte ca 12 Netzwerkgeräte da ..... Würde auch evtl ein Screenshot von meinem Taskmanager helfen? Geändert von Dennis29 (24.05.2013 um 22:04 Uhr) |
|
25.05.2013, 11:46
| #10 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Spybot ist einfach nicht mehr das Mittel der Wahl wenn es um solche Probleme geht also lieber Finger weg davon. So - versprechen kann ich dir nix, aber wir fangen mal an: !! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst: Bitte lesen:Regeln für die Bereinigung
Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
25.05.2013, 13:13
| #11 |
| | Verseuchter Laptop Windows 8 64 bit version Bin bis Sonntag evtl. auch schon bis morgen Abend geschäftlich unterwegs, habe ja zum Glück einen Firmenlaptop, bis dorthin zur Verfügung. Werde die Schritte sobald ich wieder zuhause bin abarbeiten. Vielen Dank für die kompetente Hilfe. |
|
25.05.2013, 15:30
| #12 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Notiz an mich: Logfile bis spätestens Sonntagabend.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
26.05.2013, 19:04
| #13 |
| | Verseuchter Laptop Windows 8 64 bit version Soo sorry für die späte Meldung aber musste mir meinen Internetzugang wiedermal erkämpfen :/ Hier die beiden logs von Farbars: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 03
Ran by dennis (administrator) on 26-05-2013 19:59:48
Running from C:\Users\dennis\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Qualcomm Atheros) c:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\dennis\Downloads\FRST64.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [64640 2012-07-31] ()
HKLM-x32\...\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] [x]
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [x]
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe" [25608 2012-12-20] (Kaspersky Lab ZAO)
HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\UpdatusUser.000\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\UpdatusUser.001\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\UpdatusUser.002\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\UpdatusUser.003\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
HKU\UpdatusUser.004\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [1845392 2012-07-20] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-07-31] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU SearchScopes: DefaultScope {595B4868-2D76-4051-944A-279993CBA921} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\21i214iw.default
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
==================== Services (Whitelisted) =================
S2 0230311369586906mcinstcleanup; C:\Windows\TEMP\023031~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [243728 2012-07-04] (CyberLink)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-04] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
==================== Drivers (Whitelisted) ====================
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [612696 2012-11-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [48472 2012-10-23] (Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 L1C; C:\Windows\system32\DRIVERS\L1C63x64.sys [110744 2012-06-21] (Qualcomm Atheros Co., Ltd.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-04] (Dritek System Inc.)
R1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-27 04:36 - 2013-05-27 04:36 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-05-27 04:36 - 2013-05-27 04:36 - 00000000 ____D C:\Windows.old
2013-05-27 04:12 - 2013-05-27 04:13 - 00000000 ___HD C:\$SysReset
2013-05-26 19:59 - 2013-05-26 19:59 - 00000000 ____D C:\FRST
2013-05-26 19:58 - 2013-05-26 19:59 - 01915176 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2013-05-26 19:56 - 2013-05-26 19:56 - 00002220 ____A C:\Users\dennis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-05-26 19:56 - 2013-05-26 19:55 - 00001082 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-05-26 19:55 - 2013-05-26 19:55 - 00000167 ____A C:\Windows\System32\netcfg-276171.txt
2013-05-26 19:55 - 2012-12-10 15:14 - 00098064 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-05-26 19:55 - 2012-12-10 15:14 - 00067344 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-05-26 19:55 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-05-26 19:54 - 2013-05-26 19:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-26 19:54 - 2013-05-26 19:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-26 19:53 - 2012-11-02 15:48 - 00612696 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-05-26 19:53 - 2012-11-02 15:48 - 00089944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-05-26 19:52 - 2013-05-26 19:52 - 00000117 ____A C:\Windows\System32\netcfg-80171.txt
2013-05-26 19:50 - 2013-05-26 19:50 - 00000117 ____A C:\Windows\System32\netcfg-583093.txt
2013-05-26 19:48 - 2013-05-26 19:48 - 00000117 ____A C:\Windows\System32\netcfg-476375.txt
2013-05-26 19:38 - 2013-05-26 19:38 - 00000117 ____A C:\Windows\System32\netcfg-3715921.txt
2013-05-26 19:37 - 2013-05-26 19:39 - 00000000 ___HD C:\kleaner.tmp
2013-05-26 19:31 - 2012-04-20 16:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-05-26 19:24 - 2013-05-26 19:24 - 00000000 ____D C:\Users\dennis\AppData\Local\CrashDumps
2013-05-26 19:21 - 2013-05-26 19:21 - 00000246 ____A C:\Users\dennis\Downloads\defogger_enable.log
2013-05-26 19:20 - 2013-05-26 19:21 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Mozilla
2013-05-26 19:20 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Local\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 19:17 - 2013-05-26 19:17 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0 (1).exe
2013-05-26 19:17 - 2013-05-26 19:17 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Macromedia
2013-05-26 19:13 - 2013-05-26 19:54 - 00145846 ____A C:\Windows\WindowsUpdate.log
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186703.txt
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186203.txt
2013-05-26 18:53 - 2013-05-26 18:53 - 00000000 ____D C:\Users\dennis\AppData\Local\EgisTec IPS
2013-05-26 18:48 - 2013-05-26 18:48 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Atheros
2013-05-26 18:46 - 2013-05-26 18:46 - 00002609 ____A C:\Users\Public\Desktop\eBay.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00002023 ____A C:\Users\Public\Desktop\LOVEFiLM.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00000000 ____D C:\Program Files (x86)\OEM
2013-05-26 18:45 - 2013-05-26 18:45 - 00001732 ____A C:\Users\Public\Desktop\Online kaufen.lnk
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\lm
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Adobe
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Preload
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Accessory Store
2013-05-26 18:43 - 2013-05-26 18:43 - 00000020 ___SH C:\Users\dennis\ntuser.ini
2013-05-26 18:43 - 2013-05-26 18:43 - 00000000 ____D C:\Users\dennis\AppData\Local\VirtualStore
2013-05-26 18:40 - 2013-05-26 18:40 - 00000020 ___SH C:\Users\UpdatusUser.001\ntuser.ini
2013-05-26 18:38 - 2013-05-26 19:34 - 00000000 ____D C:\users\dennis
2013-05-26 18:38 - 2013-05-26 18:40 - 00000000 ____D C:\users\UpdatusUser.001
2013-05-26 18:38 - 2013-05-26 18:39 - 00043818 ____A C:\Windows\diagwrn.xml
2013-05-26 18:38 - 2013-05-26 18:39 - 00043818 ____A C:\Windows\diagerr.xml
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.004
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.003
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.002
2013-05-26 18:38 - 2013-05-26 18:38 - 00000117 ____A C:\Windows\System32\netcfg-87468.txt
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.000
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Dokumente
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-05-25 00:15 - 2013-05-25 00:19 - 165141856 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kav13.0.1.4190de-de.exe
2013-05-25 00:15 - 2013-05-25 00:18 - 176212264 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kis13.0.1.4190de-de.exe
2013-05-25 00:13 - 2013-05-25 00:17 - 188740896 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\pure13.0.2.558DE_4340.exe
2013-05-24 23:34 - 2013-05-24 23:34 - 00172052 ____A C:\Users\dennis\Documents\cc_20130524_233440.reg
2013-05-24 21:56 - 2013-05-24 22:07 - 00000000 ____D C:\Users\dennis\Desktop\mbar
2013-05-24 21:39 - 2013-05-24 21:39 - 00076252 ____A C:\Users\dennis\Downloads\Extras.Txt
2013-05-24 21:38 - 2013-05-24 21:38 - 00140104 ____A C:\Users\dennis\Downloads\OTL.Txt
2013-05-24 20:44 - 2013-05-24 21:00 - 00000474 ____A C:\Users\dennis\Downloads\defogger_disable.log
2013-05-24 20:21 - 2013-05-24 20:21 - 00377856 ____A C:\Users\dennis\Desktop\gmer_2.1.19163(1).exe
2013-05-24 20:20 - 2013-05-24 20:20 - 00050477 ____A C:\Users\dennis\Downloads\Defogger.exe
2013-05-24 20:18 - 2013-05-24 20:20 - 00602112 ____A (OldTimer Tools) C:\Users\dennis\Downloads\OTL.exe
2013-05-24 19:36 - 2013-05-24 19:36 - 00377856 ____A C:\Users\dennis\Downloads\gmer_2.1.19163.exe
2013-05-24 19:25 - 2013-05-24 19:25 - 00003344 ____A C:\{7BCD4120-C69E-4398-888E-C6C2B5425867}
2013-05-24 19:12 - 2013-05-24 19:22 - 12917756 ____A C:\Users\dennis\Downloads\mbar-1.05.0.1001.zip
2013-05-24 18:45 - 2013-05-24 18:45 - 01183936 ____A (Developer Tribe (Pvt) Ltd. ) C:\Users\dennis\Downloads\setup_rr.exe
2013-05-24 18:42 - 2013-05-24 18:42 - 00483809 ____A (Lars Hederer ) C:\Users\dennis\Downloads\ntregopt-setup.exe
2013-05-24 18:14 - 2013-05-24 18:15 - 165050896 ____N (Symantec Corporation) C:\Users\dennis\Downloads\NIS_20.3.1.22_SYMTB_TMD_MRFTT_620_9001.exe
2013-05-24 18:12 - 2013-05-24 18:12 - 00065893 ____A C:\Users\dennis\Downloads\antivir11_rootkit.zip
2013-05-24 18:00 - 2013-05-24 18:00 - 02140631 ____A C:\Users\dennis\Downloads\SharePod_3.99.zip
2013-05-24 17:52 - 2013-05-24 17:53 - 01339288 ____A C:\Users\dennis\Downloads\sar_15_sfx.exe
2013-05-23 22:34 - 2013-05-23 22:34 - 00001075 ____A C:\Users\dennis\Desktop\DESK.txt
2013-05-23 18:46 - 2013-05-23 18:46 - 00000000 ____D C:\Users\dennis\Desktop\RetroshARE
2013-05-20 23:44 - 2013-05-23 21:59 - 00000000 ____D C:\Users\dennis\Desktop\Musik
2013-05-20 18:17 - 2013-05-23 21:49 - 00000000 ____D C:\Users\dennis\Desktop\Best of Summer
2013-05-17 03:33 - 2013-05-17 03:33 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0.exe
2013-05-17 00:35 - 2013-05-17 00:35 - 04346816 ____A (Piriform Ltd) C:\Users\dennis\Downloads\ccsetup401.exe
2013-05-16 21:33 - 2013-05-16 21:34 - 00081536 ____A (Conduit) C:\ministub.exe
2013-05-16 21:25 - 2013-05-16 21:42 - 00000009 ____A C:\END
2013-05-16 10:42 - 2013-05-16 10:42 - 03389035 ____A C:\Users\dennis\Downloads\eMule0.50a-Installer.exe
2013-05-16 00:44 - 2013-05-16 00:44 - 00804552 ____A (Koyote-Lab Inc.) C:\Users\dennis\Downloads\FreeFLVConverter75Setup.exe
2013-05-16 00:30 - 2013-05-16 01:27 - 00000000 ____D C:\Users\dennis\dwhelper
2013-05-15 01:14 - 2013-05-15 01:14 - 07757362 ____A C:\Users\dennis\Downloads\DIR-300_fw_revb_214b01_ALL_de_20130206.zip
2013-05-15 01:14 - 2013-05-15 01:14 - 02501599 ____A C:\Users\dennis\Downloads\DIR-300_fw_reva_106b02_ALL_de_20130411.zip
2013-05-15 01:11 - 2013-05-15 01:11 - 00001908 ____A C:\Users\dennis\Downloads\config.bin
==================== One Month Modified Files and Folders =======
2013-05-27 04:36 - 2013-05-27 04:36 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-05-27 04:36 - 2013-05-27 04:36 - 00000000 ____D C:\Windows.old
2013-05-27 04:36 - 2012-07-26 10:13 - 00262144 ____A C:\Windows\System32\config\BCD-Template
2013-05-27 04:13 - 2013-05-27 04:12 - 00000000 ___HD C:\$SysReset
2013-05-26 20:00 - 2013-05-26 19:13 - 00145846 ____A C:\Windows\WindowsUpdate.log
2013-05-26 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-05-26 19:59 - 2013-05-26 19:59 - 00000000 ____D C:\FRST
2013-05-26 19:59 - 2013-05-26 19:58 - 01915176 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2013-05-26 19:58 - 2013-05-26 19:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-26 19:56 - 2013-05-26 19:56 - 00002220 ____A C:\Users\dennis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-05-26 19:55 - 2013-05-26 19:56 - 00001082 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-05-26 19:55 - 2013-05-26 19:55 - 00000167 ____A C:\Windows\System32\netcfg-276171.txt
2013-05-26 19:55 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-05-26 19:54 - 2013-05-26 19:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-26 19:54 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-05-26 19:52 - 2013-05-26 19:52 - 00000117 ____A C:\Windows\System32\netcfg-80171.txt
2013-05-26 19:52 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 19:50 - 2013-05-26 19:50 - 00000117 ____A C:\Windows\System32\netcfg-583093.txt
2013-05-26 19:50 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-26 19:48 - 2013-05-26 19:48 - 00000117 ____A C:\Windows\System32\netcfg-476375.txt
2013-05-26 19:47 - 2012-09-05 07:00 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-05-26 19:47 - 2012-09-05 07:00 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-05-26 19:47 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 19:41 - 2012-08-02 13:33 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-05-26 19:41 - 2012-08-02 13:15 - 00100838 ____A C:\Windows\PFRO.log
2013-05-26 19:41 - 2012-07-26 09:19 - 00281248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 19:39 - 2013-05-26 19:37 - 00000000 ___HD C:\kleaner.tmp
2013-05-26 19:38 - 2013-05-26 19:38 - 00000117 ____A C:\Windows\System32\netcfg-3715921.txt
2013-05-26 19:34 - 2013-05-26 18:38 - 00000000 ____D C:\users\dennis
2013-05-26 19:24 - 2013-05-26 19:24 - 00000000 ____D C:\Users\dennis\AppData\Local\CrashDumps
2013-05-26 19:22 - 2012-08-02 13:33 - 00000000 ____D C:\ProgramData\McAfee
2013-05-26 19:21 - 2013-05-26 19:21 - 00000246 ____A C:\Users\dennis\Downloads\defogger_enable.log
2013-05-26 19:21 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Mozilla
2013-05-26 19:20 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Local\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 19:17 - 2013-05-26 19:17 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0 (1).exe
2013-05-26 19:17 - 2013-05-26 19:17 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Macromedia
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186703.txt
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186203.txt
2013-05-26 18:53 - 2013-05-26 18:53 - 00000000 ____D C:\Users\dennis\AppData\Local\EgisTec IPS
2013-05-26 18:48 - 2013-05-26 18:48 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Atheros
2013-05-26 18:47 - 2012-08-02 14:09 - 00000000 ___HD C:\OEM
2013-05-26 18:46 - 2013-05-26 18:46 - 00002609 ____A C:\Users\Public\Desktop\eBay.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00002023 ____A C:\Users\Public\Desktop\LOVEFiLM.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00000000 ____D C:\Program Files (x86)\OEM
2013-05-26 18:45 - 2013-05-26 18:45 - 00001732 ____A C:\Users\Public\Desktop\Online kaufen.lnk
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\lm
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Adobe
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Preload
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Accessory Store
2013-05-26 18:45 - 2012-11-30 22:43 - 00000000 ____D C:\Users\dennis\AppData\Local\Packages
2013-05-26 18:45 - 2012-09-04 21:53 - 00000000 ____D C:\ProgramData\OEM
2013-05-26 18:43 - 2013-05-26 18:43 - 00000020 ___SH C:\Users\dennis\ntuser.ini
2013-05-26 18:43 - 2013-05-26 18:43 - 00000000 ____D C:\Users\dennis\AppData\Local\VirtualStore
2013-05-26 18:43 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-05-26 18:43 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-26 18:40 - 2013-05-26 18:40 - 00000020 ___SH C:\Users\UpdatusUser.001\ntuser.ini
2013-05-26 18:40 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.001
2013-05-26 18:39 - 2013-05-26 18:38 - 00043818 ____A C:\Windows\diagwrn.xml
2013-05-26 18:39 - 2013-05-26 18:38 - 00043818 ____A C:\Windows\diagerr.xml
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.004
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.003
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.002
2013-05-26 18:39 - 2013-03-27 22:37 - 00000000 ____D C:\Users\dennis\Desktop\Divx
2013-05-26 18:39 - 2012-12-20 00:52 - 00000000 ___RD C:\Users\dennis\Desktop\Sicherheit
2013-05-26 18:39 - 2012-12-02 12:29 - 00000000 ____D C:\Users\dennis\Desktop\Energiefachberater
2013-05-26 18:39 - 2012-12-02 12:25 - 00000000 ___RD C:\Users\dennis\Desktop\Anwendungen
2013-05-26 18:39 - 2012-07-26 10:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-26 18:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-05-26 18:39 - 2012-07-26 09:21 - 00034581 ____A C:\Windows\setupact.log
2013-05-26 18:39 - 2012-07-26 07:37 - 00000000 __RHD C:\users\Default
2013-05-26 18:38 - 2013-05-26 18:38 - 00000117 ____A C:\Windows\System32\netcfg-87468.txt
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.001\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.000
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Dokumente
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-05-25 00:19 - 2013-05-25 00:15 - 165141856 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kav13.0.1.4190de-de.exe
2013-05-25 00:18 - 2013-05-25 00:15 - 176212264 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kis13.0.1.4190de-de.exe
2013-05-25 00:17 - 2013-05-25 00:13 - 188740896 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\pure13.0.2.558DE_4340.exe
2013-05-24 23:34 - 2013-05-24 23:34 - 00172052 ____A C:\Users\dennis\Documents\cc_20130524_233440.reg
2013-05-24 22:07 - 2013-05-24 21:56 - 00000000 ____D C:\Users\dennis\Desktop\mbar
2013-05-24 21:39 - 2013-05-24 21:39 - 00076252 ____A C:\Users\dennis\Downloads\Extras.Txt
2013-05-24 21:38 - 2013-05-24 21:38 - 00140104 ____A C:\Users\dennis\Downloads\OTL.Txt
2013-05-24 21:00 - 2013-05-24 20:44 - 00000474 ____A C:\Users\dennis\Downloads\defogger_disable.log
2013-05-24 20:21 - 2013-05-24 20:21 - 00377856 ____A C:\Users\dennis\Desktop\gmer_2.1.19163(1).exe
2013-05-24 20:20 - 2013-05-24 20:20 - 00050477 ____A C:\Users\dennis\Downloads\Defogger.exe
2013-05-24 20:20 - 2013-05-24 20:18 - 00602112 ____A (OldTimer Tools) C:\Users\dennis\Downloads\OTL.exe
2013-05-24 19:36 - 2013-05-24 19:36 - 00377856 ____A C:\Users\dennis\Downloads\gmer_2.1.19163.exe
2013-05-24 19:25 - 2013-05-24 19:25 - 00003344 ____A C:\{7BCD4120-C69E-4398-888E-C6C2B5425867}
2013-05-24 19:22 - 2013-05-24 19:12 - 12917756 ____A C:\Users\dennis\Downloads\mbar-1.05.0.1001.zip
2013-05-24 18:45 - 2013-05-24 18:45 - 01183936 ____A (Developer Tribe (Pvt) Ltd. ) C:\Users\dennis\Downloads\setup_rr.exe
2013-05-24 18:42 - 2013-05-24 18:42 - 00483809 ____A (Lars Hederer ) C:\Users\dennis\Downloads\ntregopt-setup.exe
2013-05-24 18:15 - 2013-05-24 18:14 - 165050896 ____N (Symantec Corporation) C:\Users\dennis\Downloads\NIS_20.3.1.22_SYMTB_TMD_MRFTT_620_9001.exe
2013-05-24 18:12 - 2013-05-24 18:12 - 00065893 ____A C:\Users\dennis\Downloads\antivir11_rootkit.zip
2013-05-24 18:00 - 2013-05-24 18:00 - 02140631 ____A C:\Users\dennis\Downloads\SharePod_3.99.zip
2013-05-24 17:53 - 2013-05-24 17:52 - 01339288 ____A C:\Users\dennis\Downloads\sar_15_sfx.exe
2013-05-24 01:38 - 2013-02-11 21:34 - 00000000 ____D C:\Users\dennis\Desktop\11.02
2013-05-24 01:38 - 2013-02-10 20:11 - 00000000 ____D C:\Users\dennis\Desktop\Sandra
2013-05-24 01:38 - 2012-12-14 22:54 - 00000000 ____D C:\Users\dennis\Documents\Command and Conquer Generals Zero Hour Data
2013-05-23 22:34 - 2013-05-23 22:34 - 00001075 ____A C:\Users\dennis\Desktop\DESK.txt
2013-05-23 21:59 - 2013-05-20 23:44 - 00000000 ____D C:\Users\dennis\Desktop\Musik
2013-05-23 21:49 - 2013-05-20 18:17 - 00000000 ____D C:\Users\dennis\Desktop\Best of Summer
2013-05-23 18:46 - 2013-05-23 18:46 - 00000000 ____D C:\Users\dennis\Desktop\RetroshARE
2013-05-17 03:33 - 2013-05-17 03:33 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0.exe
2013-05-17 00:35 - 2013-05-17 00:35 - 04346816 ____A (Piriform Ltd) C:\Users\dennis\Downloads\ccsetup401.exe
2013-05-16 21:42 - 2013-05-16 21:25 - 00000009 ____A C:\END
2013-05-16 21:34 - 2013-05-16 21:33 - 00081536 ____A (Conduit) C:\ministub.exe
2013-05-16 10:42 - 2013-05-16 10:42 - 03389035 ____A C:\Users\dennis\Downloads\eMule0.50a-Installer.exe
2013-05-16 01:27 - 2013-05-16 00:30 - 00000000 ____D C:\Users\dennis\dwhelper
2013-05-16 00:44 - 2013-05-16 00:44 - 00804552 ____A (Koyote-Lab Inc.) C:\Users\dennis\Downloads\FreeFLVConverter75Setup.exe
2013-05-15 01:14 - 2013-05-15 01:14 - 07757362 ____A C:\Users\dennis\Downloads\DIR-300_fw_revb_214b01_ALL_de_20130206.zip
2013-05-15 01:14 - 2013-05-15 01:14 - 02501599 ____A C:\Users\dennis\Downloads\DIR-300_fw_reva_106b02_ALL_de_20130411.zip
2013-05-15 01:11 - 2013-05-15 01:11 - 00001908 ____A C:\Users\dennis\Downloads\config.bin
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2012-07-26 01:55] - [2012-07-26 05:08] - 0516608 ____A (Microsoft Corporation) 93AB226C07A9789B2EC7B41F73602F76
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-07-26 02:00] - [2012-07-26 05:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA
C:\Windows\SysWOW64\svchost.exe
[2012-07-26 02:01] - [2012-07-26 05:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D
C:\Windows\System32\services.exe
[2012-07-26 07:26] - [2012-07-26 07:26] - 0410624 ____A (Microsoft Corporation) 754A2CC1F32107EA87CBD305ABE3E618
C:\Windows\System32\User32.dll
[2012-07-26 02:01] - [2012-07-26 05:07] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE
C:\Windows\SysWOW64\User32.dll
[2012-07-26 02:02] - [2012-07-26 02:02] - 1126912 ____A (Microsoft Corporation) 8A93F57772FD24959F76A65FF79D282D
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2012-08-02 13:15
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2013 03
Ran by dennis at 2013-05-26 20:01:06 Run:
Running from C:\Users\dennis\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
clear.fi SDK - Video 2 (Version: 2.1.1910)
clear.fi SDK- Movie 2 (Version: 2.1.1910)
Acer Backup Manager (Version: 4.0.0.0053)
Acer Device Fast-lane (Version: 1.00.3003)
Acer Instant Update Service (Version: 1.00.3012)
Acer Power Management (Version: 7.00.3003)
Acer Recovery Management (Version: 6.00.3006)
AcerCloud (Version: 2.01.3112)
AcerCloud Docs (Version: 1.00.3103)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Aloha TriPeaks (Version: 2.2.0.98)
ALPS Touch Pad Driver (Version: 8.100.2020.106)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.4)
Backup Manager v4 (Version: 4.0.0.0053)
Bejeweled 3 (Version: 2.2.0.98)
clear.fi Media (Version: 2.01.3107)
clear.fi Photo (Version: 2.01.3107)
CyberLink MediaEspresso 6.5 (Version: 6.5.3103_44819)
Delicious: Emily's True Love Premium Edition (Version: 2.2.0.98)
Dolby Home Theater v4 (Version: 7.2.8000.16)
eBay Worldwide (Version: 2.3.0630)
Final Drive: Nitro (Version: 2.2.0.95)
Governor of Poker 2 Premium Edition (Version: 2.2.0.110)
Identity Card (Version: 2.00.3002)
Intel(R) Management Engine Components (Version: 8.1.0.1252)
Intel(R) Processor Graphics (Version: 9.17.10.2828)
Intel(R) Rapid Storage Technology (Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Island Tribe (Version: 2.2.0.98)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Launch Manager (Version: 7.0.4)
Live Updater (Version: 2.00.3002)
Magic Academy (Version: 2.2.0.98)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (Version: 4.0.14.35)
MyWinLocker Suite (Version: 4.0.14.24)
Norton Online Backup (Version: 2.2.3.45)
Norton Online Backup ARA (Version: 4.1.0.10)
NTI Media Maker 9 (Version: 9.0.2.9008)
NVIDIA Grafiktreiber 305.46 (Version: 305.46)
NVIDIA Install Application (Version: 2.1002.82.513)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613)
NVIDIA Systemsteuerung 305.46 (Version: 305.46)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office Addin (Version: 2.01.3102)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.204)
Qualcomm Atheros WiFi Driver Installation (Version: 11.05)
Realtek High Definition Audio Driver (Version: 6.0.1.6695)
Realtek PCIE Card Reader (Version: 6.2.8400.28123)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Spotify (Version: 0.8.4.99.ga249b5f1)
Tales of Lagoona (Version: 2.2.0.110)
Update Installer for WildTangent Games App
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.9.3)
Zuma's Revenge (Version: 2.2.0.98)
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/26/2013 07:52:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: 023031~1.EXE, Version: 7.1.107.0, Zeitstempel: 0x51098160
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x690
Startzeit der fehlerhaften Anwendung: 0x023031~1.EXE0
Pfad der fehlerhaften Anwendung: 023031~1.EXE1
Pfad des fehlerhaften Moduls: 023031~1.EXE2
Berichtskennung: 023031~1.EXE3
Vollständiger Name des fehlerhaften Pakets: 023031~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 023031~1.EXE5
Error: (05/26/2013 07:42:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: 023031~1.EXE, Version: 7.1.107.0, Zeitstempel: 0x51098160
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x664
Startzeit der fehlerhaften Anwendung: 0x023031~1.EXE0
Pfad der fehlerhaften Anwendung: 023031~1.EXE1
Pfad des fehlerhaften Moduls: 023031~1.EXE2
Berichtskennung: 023031~1.EXE3
Vollständiger Name des fehlerhaften Pakets: 023031~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 023031~1.EXE5
Error: (05/26/2013 07:24:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.6.195.0, Zeitstempel: 0x4face9fb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010acd2
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ea2b9
ID des fehlerhaften Prozesses: 0x408
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3
Vollständiger Name des fehlerhaften Pakets: McSvHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSvHost.exe5
Error: (05/26/2013 07:24:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mcagent.exe, Version: 11.6.385.0, Zeitstempel: 0x4fe3c8dd
Name des fehlerhaften Moduls: mcagent.exe, Version: 11.6.385.0, Zeitstempel: 0x4fe3c8dd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000012c19
ID des fehlerhaften Prozesses: 0x9a4
Startzeit der fehlerhaften Anwendung: 0xmcagent.exe0
Pfad der fehlerhaften Anwendung: mcagent.exe1
Pfad des fehlerhaften Moduls: mcagent.exe2
Berichtskennung: mcagent.exe3
Vollständiger Name des fehlerhaften Pakets: mcagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mcagent.exe5
Error: (05/26/2013 06:38:20 PM) (Source: ESENT) (User: )
Description: services (736) Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
Error: (05/26/2013 06:38:20 PM) (Source: ESENT) (User: )
Description: services (736) Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\WINDOWS\Security\Database\secedit.sdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
System errors:
=============
Error: (05/26/2013 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Network Agent" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/26/2013 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/26/2013 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee VirusScan Announcer erreicht.
Error: (05/26/2013 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/26/2013 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Services erreicht.
Error: (05/26/2013 07:52:32 PM) (Source: Service Control Manager) (User: )
Description: Dienst "McAfee Application Installer Cleanup (0230311369586906)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2013 07:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/26/2013 07:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Proxy Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/26/2013 07:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/26/2013 07:49:50 PM) (Source: DCOM) (User: DENNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Microsoft Office Sessions:
=========================
Error: (05/26/2013 07:52:28 PM) (Source: Application Error)(User: )
Description: 023031~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000050000000069001ce5a39bea3242bC:\Windows\TEMP\023031~1.EXEunknown07a0caae-c62d-11e2-be71-4c72b993a0f0
Error: (05/26/2013 07:42:33 PM) (Source: Application Error)(User: )
Description: 023031~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000050000000066401ce5a38558b9199C:\Windows\TEMP\023031~1.EXEunknowna48cdd0b-c62b-11e2-be70-4c72b993a0f0
Error: (05/26/2013 07:24:58 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.6.195.04face9fbntdll.dll6.2.9200.163845010acd2c000037400000000000ea2b940801ce5a30b026022fC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dll2fe676e5-c629-11e2-be6f-4c72b993a0f0
Error: (05/26/2013 07:24:15 PM) (Source: Application Error)(User: )
Description: mcagent.exe11.6.385.04fe3c8ddmcagent.exe11.6.385.04fe3c8ddc00000050000000000012c199a401ce5a30be01dc5aC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files\mcafee.com\agent\mcagent.exe1619ed99-c629-11e2-be6f-4c72b993a0f0
Error: (05/26/2013 06:38:20 PM) (Source: ESENT)(User: )
Description: services736-1216
Error: (05/26/2013 06:38:20 PM) (Source: ESENT)(User: )
Description: services736-1216C:\WINDOWS\Security\Database\secedit.sdb
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8010.27 MB
Available physical RAM: 5881.3 MB
Total Pagefile: 12618.27 MB
Available Pagefile: 10426.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:678.33 GB) (Free:516.2 GB) NTFS (Disk=0 Partition=4)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: BA709D12)
Partition: GPT Partition Type
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 22:44:22
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 TOSHIBA_MQ01ABD075 rev.AX002J 698,64GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\dennis\AppData\Local\Temp\axloapog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff8014fc6441c 1 byte [31]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb742cd8f8 7 bytes JMP 000007fc73d402d0
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb742db1a4 7 bytes JMP 000007fc73d40308
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb742db214 7 bytes JMP 000007fc73d40340
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb742db238 8 bytes JMP 000007fc73d40298
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb742db87c 8 bytes JMP 000007fc73d40378
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb73d52850 1 byte JMP 000007fc73d400d8
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb73d52852 5 bytes {JMP 0xfffffffffffed888}
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb73d52898 5 bytes JMP 000007fc73d40180
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb73d570e0 6 bytes JMP 000007fc73d40148
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb73d573fc 5 bytes JMP 000007fc73d40110
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb743cc5b0 7 bytes JMP 000007fc73d403e8
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb743d7160 5 bytes JMP 000007fc73d403b0
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb750210b0 8 bytes JMP 000007fc73d401f0
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb750311b0 8 bytes JMP 000007fc73d401b8
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fb718b6d10 5 bytes JMP 000007fc718a0110
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fb718bd060 5 bytes JMP 000007fc718a00d8
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb74bf2100 5 bytes JMP 000007fc73d40228
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb74c05d4c 7 bytes JMP 000007fc73d40260
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\dwm.exe[1012] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1624] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1624] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1624] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\Explorer.EXE[2820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\Explorer.EXE[2820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\Explorer.EXE[2820] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1964] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3088] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\igfxext.exe[3120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\igfxext.exe[3120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\igfxext.exe[3120] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3912] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3964] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3964] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3996] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb752c177a 4 bytes [2C, 75, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3996] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb752c1782 4 bytes [2C, 75, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4064] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb752c177a 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb752c1782 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1292] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1100] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1100] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb668a1b32 4 bytes [8A, 66, FB, 07]
.text c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1100] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb668a1b3a 4 bytes [8A, 66, FB, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[3540] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 306 000007fb752c177a 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[3540] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 314 000007fb752c1782 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[3540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\HidFind.exe[1136] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\HidFind.exe[1136] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\HidFind.exe[1136] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apntex.exe[2616] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apntex.exe[2616] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Apoint2K\Apntex.exe[2616] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[2724] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[2724] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[2724] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Dolby PCEE4\pcee4.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Dolby PCEE4\pcee4.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Dolby PCEE4\pcee4.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4472] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb752c177a 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4472] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb752c1782 4 bytes [2C, 75, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4920] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4972] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4972] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4972] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4208] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4208] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4208] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb752c177a 4 bytes [2C, 75, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb752c1782 4 bytes [2C, 75, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\NvTray.exe[3860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\NvTray.exe[3860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\NvTray.exe[3860] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[5340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb71751532 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[5340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb7175153a 4 bytes [75, 71, FB, 07]
.text C:\Windows\system32\conhost.exe[5340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb7175165a 4 bytes [75, 71, FB, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [652:3768] fffff960009605e8
Thread C:\Windows\system32\svchost.exe [1396:2384] 000007fb6c751544
Thread C:\Windows\system32\svchost.exe [1396:2388] 000007fb6c1155dc
Thread C:\Windows\system32\svchost.exe [1396:1776] 000007fb6ca04910
Thread C:\Windows\system32\svchost.exe [1396:1448] 000007fb6ca01044
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
26.05.2013, 22:02
| #14 |
| /// TB-Ausbilder | Verseuchter Laptop Windows 8 64 bit version Also von Verseuchung sehe ich da im Moment nichts, nur von McAfee Überresten ist da was. Hattest du mal ein McAfee Produkt installiert? Wenn ja bitte hier mit die Reste beseitigen, dann entferne ich den Rest http://download.mcafee.com/products/...tches/MCPR.exe Danach: Bitte neues FRST-Logfile.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
26.05.2013, 22:15
| #15 |
| | Verseuchter Laptop Windows 8 64 bit version Jein, war beim Betriebssystem schon damals mit dabei habs gegen Kaspersky getauscht. So das Deinstallationsprogramm habe ich gedownloadet und laufen lassen, müsste jetzt alles entfernt sein. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 03
Ran by dennis (administrator) on 26-05-2013 23:16:49
Running from C:\Users\dennis\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Qualcomm Atheros) c:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Farbar) C:\Users\dennis\Desktop\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [64640 2012-07-31] ()
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKLM-x32\...\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] [x]
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe" [25608 2012-12-20] (Kaspersky Lab ZAO)
HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]
HKU\UpdatusUser.000\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]
HKU\UpdatusUser.002\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]
HKU\UpdatusUser.003\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]
HKU\UpdatusUser.004\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU SearchScopes: DefaultScope {595B4868-2D76-4051-944A-279993CBA921} URL =
SearchScopes: HKCU - {595B4868-2D76-4051-944A-279993CBA921} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FireFox:
========
FF ProfilePath: C:\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\21i214iw.default
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
==================== Services (Whitelisted) =================
S2 0230311369586906mcinstcleanup; C:\Windows\TEMP\023031~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-04] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
==================== Drivers (Whitelisted) ====================
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [612696 2012-11-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [48472 2012-10-23] (Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 L1C; C:\Windows\system32\DRIVERS\L1C63x64.sys [110744 2012-06-21] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-04] (Dritek System Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-27 04:36 - 2013-05-27 04:36 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-05-27 04:36 - 2013-05-27 04:36 - 00000000 ____D C:\Windows.old
2013-05-27 04:12 - 2013-05-27 04:13 - 00000000 ___HD C:\$SysReset
2013-05-26 23:12 - 2013-05-26 23:12 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-05-26 23:12 - 2013-05-26 23:12 - 00000000 ____D C:\Windows\System32\NV
2013-05-26 23:03 - 2013-05-26 23:04 - 03191888 ____A (McAfee, Inc.) C:\Users\dennis\Downloads\MCPR.exe
2013-05-26 22:44 - 2013-05-26 22:44 - 00021612 ____A C:\Users\dennis\Desktop\Gmerlog.log
2013-05-26 22:42 - 2013-05-26 22:42 - 00001073 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Malwarebytes
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 22:42 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-26 22:40 - 2013-05-26 22:40 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\dennis\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-26 22:32 - 2013-05-26 22:32 - 00000000 ____A C:\Users\dennis\defogger_reenable
2013-05-26 22:30 - 2013-05-26 22:30 - 00000020 ___SH C:\Users\UpdatusUser.DENNIS\ntuser.ini
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Vorlagen
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Startmenü
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Netzwerkumgebung
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Lokale Einstellungen
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Eigene Dateien
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Druckumgebung
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Documents\Eigene Musik
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Documents\Eigene Bilder
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\AppData\Local\Verlauf
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\AppData\Local\Anwendungsdaten
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Anwendungsdaten
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 ____D C:\users\UpdatusUser.DENNIS
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-05-26 22:29 - 2013-05-26 22:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-26 22:28 - 2013-03-15 06:16 - 06398240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 03477280 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 01016096 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 00877856 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-26 22:28 - 2013-03-15 06:16 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 00076064 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2013-05-26 22:28 - 2013-03-15 06:16 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-26 22:28 - 2013-03-13 18:24 - 03065455 ____A C:\Windows\System32\nvcoproc.bin
2013-05-26 22:27 - 2013-05-26 23:01 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-05-26 22:26 - 2013-05-26 22:27 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-05-26 22:26 - 2013-05-26 22:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-26 22:18 - 2013-05-26 22:19 - 00281248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 22:17 - 2013-05-26 22:17 - 02365840 ____A C:\Users\dennis\Downloads\SecurityTaskManager_Setup.exe
2013-05-26 22:15 - 2013-03-15 07:53 - 26956576 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 20542752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 17990800 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 15508512 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 15042928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 13088000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 11048736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-26 22:15 - 2013-03-15 07:53 - 09414456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 07959000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 07573816 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 06271872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 02913056 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 02864144 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 02728736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 02539128 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 02355488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 01995552 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6431422.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6431422.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 01118776 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 00968408 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 00250504 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 00205184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-05-26 22:15 - 2013-03-15 07:53 - 00030496 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2013-05-26 22:15 - 2013-03-15 07:53 - 00017738 ____A C:\Windows\System32\nvinfo.pb
2013-05-26 21:50 - 2013-05-07 22:07 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-26 21:50 - 2013-05-07 22:07 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-26 21:44 - 2013-05-26 21:51 - 00000000 ___RD C:\Windows\BrowserChoice
2013-05-26 21:21 - 2013-05-26 21:22 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\dennis\Downloads\spybot-2.1.exe
2013-05-26 20:50 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-26 20:49 - 2013-05-26 20:49 - 00000117 ____A C:\Windows\System32\netcfg-2419578.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2362562.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2362468.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2357921.txt
2013-05-26 20:46 - 2013-05-26 20:46 - 00000219 ____A C:\Users\dennis\Desktop\Counter-Strike Global Offensive.url
2013-05-26 20:19 - 2013-05-26 20:19 - 00000000 ____D C:\Encryption
2013-05-26 20:15 - 2013-05-26 23:13 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-26 20:12 - 2013-05-26 20:13 - 08531968 ____A C:\Users\dennis\Downloads\SteamInstall_German.msi
2013-05-26 20:11 - 2013-05-26 21:56 - 00000000 ____D C:\Users\dennis\AppData\Local\clear.fi
2013-05-26 20:10 - 2013-05-26 20:10 - 00000117 ____A C:\Windows\System32\netcfg-85265.txt
2013-05-26 20:08 - 2013-05-26 20:08 - 00000117 ____A C:\Windows\System32\netcfg-1030421.txt
2013-05-26 20:02 - 2013-05-26 20:02 - 00050145 ____A C:\Users\dennis\Downloads\FRST.txt
2013-05-26 20:01 - 2013-05-26 20:02 - 00012701 ____A C:\Users\dennis\Downloads\Addition.txt
2013-05-26 19:59 - 2013-05-26 19:59 - 00000000 ____D C:\FRST
2013-05-26 19:58 - 2013-05-26 19:59 - 01915176 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2013-05-26 19:56 - 2013-05-26 19:56 - 00002220 ____A C:\Users\dennis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-05-26 19:56 - 2013-05-26 19:55 - 00001082 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-05-26 19:55 - 2013-05-26 19:55 - 00000167 ____A C:\Windows\System32\netcfg-276171.txt
2013-05-26 19:55 - 2012-12-10 15:14 - 00098064 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-05-26 19:55 - 2012-12-10 15:14 - 00067344 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-05-26 19:55 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-05-26 19:54 - 2013-05-26 23:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-26 19:54 - 2013-05-26 19:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-26 19:53 - 2012-11-02 15:48 - 00612696 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-05-26 19:53 - 2012-11-02 15:48 - 00089944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-05-26 19:52 - 2013-05-26 19:52 - 00000117 ____A C:\Windows\System32\netcfg-80171.txt
2013-05-26 19:50 - 2013-05-26 19:50 - 00000117 ____A C:\Windows\System32\netcfg-583093.txt
2013-05-26 19:48 - 2013-05-26 19:48 - 00000117 ____A C:\Windows\System32\netcfg-476375.txt
2013-05-26 19:38 - 2013-05-26 19:38 - 00000117 ____A C:\Windows\System32\netcfg-3715921.txt
2013-05-26 19:37 - 2013-05-26 19:39 - 00000000 ___HD C:\kleaner.tmp
2013-05-26 19:33 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-26 19:33 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-26 19:33 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-26 19:33 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-26 19:33 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-26 19:33 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-26 19:33 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-26 19:33 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-26 19:33 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-26 19:33 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-26 19:33 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-26 19:33 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-26 19:33 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-26 19:33 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-26 19:33 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-26 19:33 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-26 19:33 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-26 19:33 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-26 19:33 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-26 19:33 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-26 19:33 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-26 19:33 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-26 19:33 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-26 19:33 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-26 19:33 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-26 19:33 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-26 19:33 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-26 19:33 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-26 19:33 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-26 19:33 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-26 19:33 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-26 19:33 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-26 19:33 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-26 19:33 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-26 19:33 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-26 19:33 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-26 19:33 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-26 19:33 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-26 19:33 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-26 19:33 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-26 19:33 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-26 19:33 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-26 19:33 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-26 19:33 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-26 19:32 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-26 19:32 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-26 19:32 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-26 19:32 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-26 19:32 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-26 19:32 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-26 19:32 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-26 19:32 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-26 19:32 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-26 19:32 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-26 19:31 - 2012-04-20 16:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-05-26 19:30 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-26 19:30 - 2013-04-10 01:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-26 19:30 - 2013-04-10 01:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-26 19:30 - 2013-04-10 01:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-26 19:30 - 2013-04-10 00:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-26 19:30 - 2013-04-10 00:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-26 19:30 - 2013-04-10 00:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-26 19:29 - 2013-04-10 01:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-26 19:29 - 2013-04-10 01:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-26 19:29 - 2013-04-10 01:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-26 19:29 - 2013-04-10 01:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-26 19:29 - 2013-04-10 01:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-26 19:29 - 2013-04-10 01:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-26 19:29 - 2013-04-10 01:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-26 19:29 - 2013-04-10 00:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-26 19:29 - 2013-04-10 00:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-26 19:29 - 2013-04-10 00:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-26 19:29 - 2013-04-10 00:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-26 19:29 - 2013-04-10 00:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-26 19:27 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-26 19:27 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-26 19:25 - 2013-03-02 13:02 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-26 19:25 - 2013-03-02 12:57 - 00332520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-05-26 19:25 - 2013-03-02 10:24 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-05-26 19:25 - 2013-03-02 10:23 - 01338880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00601088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-05-26 19:25 - 2013-03-02 10:23 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-05-26 19:25 - 2013-03-02 10:22 - 05091840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-26 19:25 - 2013-03-02 10:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-05-26 19:25 - 2013-03-02 10:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-05-26 19:25 - 2013-03-02 10:21 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-05-26 19:25 - 2013-03-02 10:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-05-26 19:25 - 2013-03-02 10:21 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-05-26 19:25 - 2013-03-02 10:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 03240448 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 01627648 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 01149952 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 01101824 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00951808 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00645120 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00171008 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-05-26 19:25 - 2013-03-02 04:45 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe
2013-05-26 19:25 - 2013-03-02 04:45 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\WSDPrintProxy.DLL
2013-05-26 19:25 - 2013-03-02 04:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-26 19:25 - 2013-03-02 04:45 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-26 19:25 - 2013-03-02 04:44 - 05978624 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 01048576 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00150016 ____A (Microsoft Corporation) C:\Windows\System32\discan.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\NdisImPlatform.dll
2013-05-26 19:25 - 2013-03-02 04:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2013-05-26 19:25 - 2013-03-02 04:43 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-05-26 19:25 - 2013-03-02 04:43 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-05-26 19:25 - 2013-03-02 04:43 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
2013-05-26 19:24 - 2013-05-26 23:08 - 00000000 ____D C:\Users\dennis\AppData\Local\CrashDumps
2013-05-26 19:24 - 2013-03-02 12:57 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-05-26 19:24 - 2013-03-02 12:57 - 00077544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2013-05-26 19:24 - 2013-03-02 12:45 - 00194792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-05-26 19:24 - 2013-03-02 12:45 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-05-26 19:24 - 2013-03-02 12:45 - 00125160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-05-26 19:24 - 2013-03-02 12:39 - 00495336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2013-05-26 19:24 - 2013-03-02 12:39 - 00327912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2013-05-26 19:24 - 2013-03-02 12:39 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-05-26 19:24 - 2013-03-02 11:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-26 19:24 - 2013-03-02 11:59 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-05-26 19:24 - 2013-03-02 04:45 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fsquirt.exe
2013-05-26 19:24 - 2013-03-02 04:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2013-05-26 19:24 - 2013-03-01 06:56 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2013-05-26 19:24 - 2013-03-01 06:56 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2013-05-26 19:24 - 2013-03-01 06:55 - 01175040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-05-26 19:21 - 2013-05-26 19:21 - 00000246 ____A C:\Users\dennis\Downloads\defogger_enable.log
2013-05-26 19:20 - 2013-05-26 19:21 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Mozilla
2013-05-26 19:20 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Local\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 19:18 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-26 19:18 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-26 19:18 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-26 19:18 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-26 19:18 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-26 19:18 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-26 19:18 - 2013-02-19 11:53 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-05-26 19:17 - 2013-05-26 19:17 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0 (1).exe
2013-05-26 19:17 - 2013-05-26 19:17 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Macromedia
2013-05-26 19:17 - 2013-02-02 07:41 - 01437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-05-26 19:17 - 2013-02-02 07:31 - 01690624 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-05-26 19:16 - 2013-02-07 03:33 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-05-26 19:15 - 2013-02-02 13:19 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-05-26 19:15 - 2013-02-02 13:19 - 00446184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-05-26 19:15 - 2013-02-02 13:19 - 00061672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-05-26 19:15 - 2013-02-02 12:54 - 01933544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-26 19:15 - 2013-02-02 12:28 - 00993512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-05-26 19:15 - 2013-02-02 10:40 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-05-26 19:15 - 2013-02-02 10:40 - 00370688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-05-26 19:15 - 2013-02-02 10:40 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-05-26 19:15 - 2013-02-02 10:40 - 00155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-05-26 19:15 - 2013-02-02 10:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-05-26 19:15 - 2013-02-02 10:40 - 00079360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-05-26 19:15 - 2013-02-02 10:39 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-05-26 19:15 - 2013-02-02 10:39 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-05-26 19:15 - 2013-02-02 10:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-05-26 19:15 - 2013-02-02 10:39 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-05-26 19:15 - 2013-02-02 10:39 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-05-26 19:15 - 2013-02-02 10:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-05-26 19:15 - 2013-02-02 10:38 - 00567808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-05-26 19:15 - 2013-02-02 10:24 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\taskkill.exe
2013-05-26 19:15 - 2013-02-02 10:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\tasklist.exe
2013-05-26 19:15 - 2013-02-02 10:23 - 00731648 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-05-26 19:15 - 2013-02-02 10:23 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll
2013-05-26 19:15 - 2013-02-02 10:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-05-26 19:15 - 2013-02-02 10:21 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-05-26 19:15 - 2013-02-02 10:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
2013-05-26 19:15 - 2013-02-02 10:20 - 00729600 ____A (Microsoft Corporation) C:\Windows\System32\duser.dll
2013-05-26 19:15 - 2013-02-02 10:20 - 00260096 ____A (Microsoft Corporation) C:\Windows\System32\hotspotauth.dll
2013-05-26 19:15 - 2013-02-02 09:25 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-05-26 19:15 - 2013-02-02 09:25 - 00037632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-05-26 19:14 - 2013-02-12 03:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-26 19:14 - 2013-02-12 02:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-26 19:13 - 2013-05-26 22:45 - 01618052 ____A C:\Windows\WindowsUpdate.log
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186703.txt
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186203.txt
2013-05-26 19:13 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-26 19:13 - 2013-02-12 02:17 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-26 19:12 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-26 19:12 - 2013-03-02 10:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-05-26 19:12 - 2013-03-02 04:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-05-26 19:12 - 2013-02-06 00:29 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-26 19:12 - 2013-02-06 00:28 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-26 19:11 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-26 19:11 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-26 19:11 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-26 19:11 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-26 19:11 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-26 19:11 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-26 19:10 - 2013-01-10 03:53 - 00028904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys
2013-05-26 19:10 - 2013-01-10 03:40 - 00303848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-26 19:10 - 2013-01-10 03:29 - 00785504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-26 19:10 - 2013-01-10 03:29 - 00091880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-26 19:10 - 2013-01-10 01:26 - 01752064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-05-26 19:10 - 2013-01-10 01:26 - 01611776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-05-26 19:10 - 2013-01-10 01:26 - 00890880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-05-26 19:10 - 2013-01-10 01:26 - 00436736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2013-05-26 19:10 - 2013-01-10 01:26 - 00261120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2013-05-26 19:10 - 2013-01-10 01:26 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2013-05-26 19:10 - 2013-01-10 01:26 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 02094592 ____A (Microsoft Corporation) C:\Windows\System32\mmc.exe
2013-05-26 19:10 - 2013-01-10 01:23 - 01964544 ____A (Microsoft Corporation) C:\Windows\System32\wlidsvc.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 01886208 ____A (Microsoft Corporation) C:\Windows\System32\setupapi.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 00728064 ____A (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 00406016 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\WSDMon.dll
2013-05-26 19:10 - 2013-01-10 01:23 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe
2013-05-26 19:10 - 2013-01-10 01:22 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\msctf.dll
2013-05-26 19:10 - 2013-01-10 01:22 - 00894464 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-05-26 19:10 - 2013-01-10 01:22 - 00666112 ____A (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2013-05-26 19:10 - 2013-01-10 01:22 - 00438272 ____A (Microsoft Corporation) C:\Windows\System32\lsm.dll
2013-05-26 19:10 - 2013-01-10 01:22 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\inetpp.dll
2013-05-26 19:10 - 2013-01-09 05:59 - 00341504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys
2013-05-26 19:10 - 2013-01-09 05:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2013-05-26 19:10 - 2013-01-09 05:58 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2013-05-26 19:10 - 2012-11-02 07:19 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\ncbservice.dll
2013-05-26 19:10 - 2012-11-02 07:18 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\httpprxm.dll
2013-05-26 19:10 - 2012-11-02 07:18 - 00062464 ____A (Microsoft Corporation) C:\Windows\System32\adhsvc.dll
2013-05-26 19:10 - 2012-11-02 07:18 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\adhapi.dll
2013-05-26 19:10 - 2012-11-02 07:18 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\httpprxp.dll
2013-05-26 19:10 - 2012-11-02 07:18 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\keepaliveprovider.dll
2013-05-26 19:09 - 2013-01-04 07:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-26 19:09 - 2013-01-04 06:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-26 19:09 - 2012-12-15 06:55 - 00443392 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2013-05-26 19:07 - 2012-11-26 06:21 - 00071168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-05-26 19:07 - 2012-11-26 06:20 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll
2013-05-26 19:06 - 2012-11-27 05:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
2013-05-26 19:06 - 2012-11-27 05:55 - 00029952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthhfHid.sys
2013-05-26 19:05 - 2013-01-29 03:57 - 00035232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-05-26 19:05 - 2013-01-29 01:08 - 00230904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-05-26 19:05 - 2012-11-20 06:56 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-05-26 19:05 - 2012-11-20 06:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidi2c.sys
2013-05-26 19:05 - 2012-11-03 07:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\sysreset.exe
2013-05-26 19:05 - 2012-11-03 07:25 - 00945152 ____A (Microsoft Corporation) C:\Windows\System32\resetengmig.dll
2013-05-26 19:04 - 2012-11-06 09:33 - 00522640 ____A (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2013-05-26 19:04 - 2012-11-06 07:00 - 00463768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-05-26 19:04 - 2012-11-06 06:20 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-05-26 19:04 - 2012-11-06 06:20 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2013-05-26 19:04 - 2012-11-06 06:18 - 00267264 ____A (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2013-05-26 19:04 - 2012-11-06 06:00 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\wushareduxresources.dll
2013-05-26 19:04 - 2012-11-02 07:20 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-26 19:02 - 2012-10-24 05:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2013-05-26 19:02 - 2012-10-24 05:24 - 00405504 ____A (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2013-05-26 19:02 - 2012-10-24 05:24 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2013-05-26 19:02 - 2012-10-24 05:05 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2013-05-26 19:01 - 2012-11-10 06:23 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-05-26 19:01 - 2012-11-10 06:23 - 00132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-05-26 19:01 - 2012-11-10 06:22 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-05-26 19:01 - 2012-11-10 06:22 - 00126976 ____A (Microsoft Corporation) C:\Windows\System32\RDWebAI.dll
2013-05-26 19:01 - 2012-11-10 06:22 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\VmHostAI.dll
2013-05-26 19:01 - 2012-11-10 06:20 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\appserverai.dll
2013-05-26 19:00 - 2012-10-11 07:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2013-05-26 19:00 - 2012-10-11 07:44 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2013-05-26 19:00 - 2012-10-11 07:06 - 00094208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-05-26 19:00 - 2012-10-11 07:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-05-26 18:58 - 2012-11-03 07:26 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-05-26 18:58 - 2012-11-03 07:26 - 00032256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-05-26 18:58 - 2012-11-03 07:24 - 00463872 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00058880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhpast.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-05-26 18:58 - 2012-11-03 07:24 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-05-26 18:58 - 2012-11-03 07:04 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dpnlobby.dll
2013-05-26 18:58 - 2012-11-03 07:04 - 00003584 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
2013-05-26 18:58 - 2012-11-03 07:00 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-05-26 18:58 - 2012-11-03 07:00 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-05-26 18:56 - 2012-08-31 02:53 - 00017888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-05-26 18:56 - 2012-08-31 02:52 - 00017888 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100_clr0400.dll
2013-05-26 18:54 - 2012-10-24 05:25 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ReAgentc.exe
2013-05-26 18:54 - 2012-10-24 04:48 - 00024064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-05-26 18:54 - 2012-10-06 06:53 - 02893824 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-26 18:54 - 2012-10-06 06:15 - 02400256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-26 18:53 - 2013-05-26 18:53 - 00000000 ____D C:\Users\dennis\AppData\Local\EgisTec IPS
2013-05-26 18:53 - 2012-11-08 06:20 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-26 18:53 - 2012-11-08 06:20 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-26 18:52 - 2012-11-01 06:41 - 01802240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-05-26 18:52 - 2012-11-01 06:41 - 01438720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-05-26 18:52 - 2012-11-01 06:40 - 02361344 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-05-26 18:52 - 2012-11-01 06:40 - 01836032 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-26 18:52 - 2012-11-01 06:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2013-05-26 18:52 - 2012-11-01 06:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-05-26 18:52 - 2012-11-01 06:20 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-05-26 18:52 - 2012-11-01 06:20 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-05-26 18:49 - 2012-09-20 08:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\fhmanagew.exe
2013-05-26 18:49 - 2012-09-20 08:31 - 00315392 ____A (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00280576 ____A (Microsoft Corporation) C:\Windows\System32\fhcat.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00137728 ____A (Microsoft Corporation) C:\Windows\System32\fhshl.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00116736 ____A (Microsoft Corporation) C:\Windows\System32\fhsvc.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchapi.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fhevents.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchph.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhlisten.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhautoplay.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\fhcleanup.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\fhtask.dll
2013-05-26 18:49 - 2012-09-20 08:31 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\fhsvcctl.dll
2013-05-26 18:48 - 2013-05-26 18:48 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Atheros
2013-05-26 18:48 - 2012-09-20 08:32 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-05-26 18:48 - 2012-09-20 08:32 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-05-26 18:47 - 2012-09-20 08:33 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ndptsp.tsp
2013-05-26 18:47 - 2012-09-20 08:33 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\kmddsp.tsp
2013-05-26 18:47 - 2012-09-20 08:32 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\rascfg.dll
2013-05-26 18:47 - 2012-09-20 08:32 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\rasdiag.dll
2013-05-26 18:47 - 2012-09-20 08:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\rasmxs.dll
2013-05-26 18:47 - 2012-09-20 08:32 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\rasser.dll
2013-05-26 18:47 - 2012-09-20 08:32 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2013-05-26 18:47 - 2012-09-20 08:32 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2013-05-26 18:47 - 2012-09-20 08:32 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2013-05-26 18:47 - 2012-09-20 08:12 - 09374208 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-05-26 18:47 - 2012-09-20 08:09 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2013-05-26 18:47 - 2012-09-20 07:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2013-05-26 18:47 - 2012-09-20 07:55 - 00038912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2013-05-26 18:47 - 2012-09-20 07:54 - 00108544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2013-05-26 18:47 - 2012-09-20 07:54 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2013-05-26 18:47 - 2012-09-20 07:54 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2013-05-26 18:47 - 2012-09-20 07:54 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2013-05-26 18:47 - 2012-09-20 07:32 - 09374208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-05-26 18:46 - 2013-05-26 18:46 - 00002609 ____A C:\Users\Public\Desktop\eBay.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00000000 ____D C:\Program Files (x86)\OEM
2013-05-26 18:46 - 2012-09-20 07:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2013-05-26 18:46 - 2012-09-20 07:54 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2013-05-26 18:46 - 2012-09-20 07:54 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\lm
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Adobe
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Preload
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Accessory Store
2013-05-26 18:45 - 2012-09-20 09:55 - 00488168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-05-26 18:45 - 2012-09-20 09:55 - 00212200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-05-26 18:45 - 2012-09-20 09:55 - 00079080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-05-26 18:45 - 2012-09-20 09:55 - 00021736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-05-26 18:45 - 2012-09-20 08:09 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-05-26 18:43 - 2013-05-26 18:43 - 00000020 ___SH C:\Users\dennis\ntuser.ini
2013-05-26 18:43 - 2013-05-26 18:43 - 00000000 ____D C:\Users\dennis\AppData\Local\VirtualStore
2013-05-26 18:42 - 2012-12-16 10:28 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-26 18:42 - 2012-12-16 10:20 - 00035328 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-05-26 18:42 - 2012-12-16 10:08 - 00362496 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-26 18:42 - 2012-12-16 09:57 - 00300032 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-05-26 18:42 - 2012-11-08 06:24 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-05-26 18:42 - 2012-11-08 06:24 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-05-26 18:42 - 2012-11-08 06:20 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-05-26 18:42 - 2012-11-08 06:20 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-05-26 18:42 - 2012-11-08 06:02 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-05-26 18:42 - 2012-11-08 06:01 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-05-26 18:40 - 2012-10-10 09:04 - 00094208 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-26 18:40 - 2012-10-10 08:31 - 00072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-05-26 18:38 - 2013-05-26 22:32 - 00000000 ____D C:\users\dennis
2013-05-26 18:38 - 2013-05-26 18:39 - 00043818 ____A C:\Windows\diagwrn.xml
2013-05-26 18:38 - 2013-05-26 18:39 - 00043818 ____A C:\Windows\diagerr.xml
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.004
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.003
2013-05-26 18:38 - 2013-05-26 18:39 - 00000000 ____D C:\users\UpdatusUser.002
2013-05-26 18:38 - 2013-05-26 18:38 - 00000117 ____A C:\Windows\System32\netcfg-87468.txt
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.000
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Dokumente
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-05-25 00:15 - 2013-05-25 00:19 - 165141856 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kav13.0.1.4190de-de.exe
2013-05-25 00:15 - 2013-05-25 00:18 - 176212264 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kis13.0.1.4190de-de.exe
2013-05-25 00:13 - 2013-05-25 00:17 - 188740896 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\pure13.0.2.558DE_4340.exe
2013-05-24 23:34 - 2013-05-24 23:34 - 00172052 ____A C:\Users\dennis\Documents\cc_20130524_233440.reg
2013-05-24 21:39 - 2013-05-24 21:39 - 00076252 ____A C:\Users\dennis\Downloads\Extras.Txt
2013-05-24 21:38 - 2013-05-24 21:38 - 00140104 ____A C:\Users\dennis\Downloads\OTL.Txt
2013-05-24 20:44 - 2013-05-26 23:10 - 00000184 ____A C:\Users\dennis\Downloads\defogger_disable.log
2013-05-24 20:20 - 2013-05-24 20:20 - 00050477 ____A C:\Users\dennis\Downloads\Defogger.exe
2013-05-24 20:18 - 2013-05-24 20:20 - 00602112 ____A (OldTimer Tools) C:\Users\dennis\Downloads\OTL.exe
2013-05-24 19:36 - 2013-05-24 19:36 - 00377856 ____A C:\Users\dennis\Downloads\gmer_2.1.19163.exe
2013-05-24 19:25 - 2013-05-24 19:25 - 00003344 ____A C:\{7BCD4120-C69E-4398-888E-C6C2B5425867}
2013-05-24 19:12 - 2013-05-24 19:22 - 12917756 ____A C:\Users\dennis\Downloads\mbar-1.05.0.1001.zip
2013-05-24 18:45 - 2013-05-24 18:45 - 01183936 ____A (Developer Tribe (Pvt) Ltd. ) C:\Users\dennis\Downloads\setup_rr.exe
2013-05-24 18:42 - 2013-05-24 18:42 - 00483809 ____A (Lars Hederer ) C:\Users\dennis\Downloads\ntregopt-setup.exe
2013-05-24 18:14 - 2013-05-24 18:15 - 165050896 ____N (Symantec Corporation) C:\Users\dennis\Downloads\NIS_20.3.1.22_SYMTB_TMD_MRFTT_620_9001.exe
2013-05-24 18:12 - 2013-05-24 18:12 - 00065893 ____A C:\Users\dennis\Downloads\antivir11_rootkit.zip
2013-05-24 18:00 - 2013-05-24 18:00 - 02140631 ____A C:\Users\dennis\Downloads\SharePod_3.99.zip
2013-05-24 17:52 - 2013-05-24 17:53 - 01339288 ____A C:\Users\dennis\Downloads\sar_15_sfx.exe
2013-05-23 18:46 - 2013-05-23 18:46 - 00000000 ____D C:\Users\dennis\Desktop\RetroshARE
2013-05-20 23:44 - 2013-05-23 21:59 - 00000000 ____D C:\Users\dennis\Desktop\Musik
2013-05-20 18:17 - 2013-05-23 21:49 - 00000000 ____D C:\Users\dennis\Desktop\Best of Summer
2013-05-17 03:33 - 2013-05-17 03:33 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0.exe
2013-05-17 00:35 - 2013-05-17 00:35 - 04346816 ____A (Piriform Ltd) C:\Users\dennis\Downloads\ccsetup401.exe
2013-05-16 21:33 - 2013-05-16 21:34 - 00081536 ____A (Conduit) C:\ministub.exe
2013-05-16 21:25 - 2013-05-16 21:42 - 00000009 ____A C:\END
2013-05-16 10:42 - 2013-05-16 10:42 - 03389035 ____A C:\Users\dennis\Downloads\eMule0.50a-Installer.exe
2013-05-16 00:44 - 2013-05-16 00:44 - 00804552 ____A (Koyote-Lab Inc.) C:\Users\dennis\Downloads\FreeFLVConverter75Setup.exe
2013-05-16 00:30 - 2013-05-16 01:27 - 00000000 ____D C:\Users\dennis\dwhelper
2013-05-15 01:14 - 2013-05-15 01:14 - 07757362 ____A C:\Users\dennis\Downloads\DIR-300_fw_revb_214b01_ALL_de_20130206.zip
2013-05-15 01:14 - 2013-05-15 01:14 - 02501599 ____A C:\Users\dennis\Downloads\DIR-300_fw_reva_106b02_ALL_de_20130411.zip
2013-05-15 01:11 - 2013-05-15 01:11 - 00001908 ____A C:\Users\dennis\Downloads\config.bin
==================== One Month Modified Files and Folders =======
2013-05-27 04:36 - 2013-05-27 04:36 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-05-27 04:36 - 2013-05-27 04:36 - 00000000 ____D C:\Windows.old
2013-05-27 04:36 - 2012-07-26 10:13 - 00262144 ____A C:\Windows\System32\config\BCD-Template
2013-05-27 04:13 - 2013-05-27 04:12 - 00000000 ___HD C:\$SysReset
2013-05-26 23:14 - 2013-05-26 19:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-26 23:13 - 2013-05-26 20:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-26 23:12 - 2013-05-26 23:12 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-05-26 23:12 - 2013-05-26 23:12 - 00000000 ____D C:\Windows\System32\NV
2013-05-26 23:12 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 23:11 - 2012-08-02 13:15 - 00118958 ____A C:\Windows\PFRO.log
2013-05-26 23:10 - 2013-05-24 20:44 - 00000184 ____A C:\Users\dennis\Downloads\defogger_disable.log
2013-05-26 23:08 - 2013-05-26 19:24 - 00000000 ____D C:\Users\dennis\AppData\Local\CrashDumps
2013-05-26 23:04 - 2013-05-26 23:03 - 03191888 ____A (McAfee, Inc.) C:\Users\dennis\Downloads\MCPR.exe
2013-05-26 23:01 - 2013-05-26 22:27 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-05-26 23:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-05-26 22:45 - 2013-05-26 19:13 - 01618052 ____A C:\Windows\WindowsUpdate.log
2013-05-26 22:44 - 2013-05-26 22:44 - 00021612 ____A C:\Users\dennis\Desktop\Gmerlog.log
2013-05-26 22:42 - 2013-05-26 22:42 - 00001073 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Malwarebytes
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-26 22:42 - 2013-05-26 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 22:40 - 2013-05-26 22:40 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\dennis\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-26 22:35 - 2012-12-02 12:25 - 00000000 ___RD C:\Users\dennis\Desktop\Anwendungen
2013-05-26 22:32 - 2013-05-26 22:32 - 00000000 ____A C:\Users\dennis\defogger_reenable
2013-05-26 22:32 - 2013-05-26 18:38 - 00000000 ____D C:\users\dennis
2013-05-26 22:32 - 2012-09-05 07:00 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-05-26 22:32 - 2012-09-05 07:00 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-05-26 22:32 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 22:30 - 2013-05-26 22:30 - 00000020 ___SH C:\Users\UpdatusUser.DENNIS\ntuser.ini
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Vorlagen
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Startmenü
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Netzwerkumgebung
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Lokale Einstellungen
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Eigene Dateien
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Druckumgebung
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Documents\Eigene Musik
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Documents\Eigene Bilder
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\AppData\Local\Verlauf
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\AppData\Local\Anwendungsdaten
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 __SHD C:\Users\UpdatusUser.DENNIS\Anwendungsdaten
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 ____D C:\users\UpdatusUser.DENNIS
2013-05-26 22:30 - 2013-05-26 22:30 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-05-26 22:30 - 2013-05-26 22:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-26 22:30 - 2012-09-04 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-26 22:30 - 2012-09-04 21:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-26 22:28 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Help
2013-05-26 22:27 - 2013-05-26 22:26 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-05-26 22:26 - 2013-05-26 22:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-26 22:19 - 2013-05-26 22:18 - 00281248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 22:17 - 2013-05-26 22:17 - 02365840 ____A C:\Users\dennis\Downloads\SecurityTaskManager_Setup.exe
2013-05-26 22:04 - 2012-12-20 00:52 - 00000000 ___RD C:\Users\dennis\Desktop\Sicherheit
2013-05-26 21:56 - 2013-05-26 20:11 - 00000000 ____D C:\Users\dennis\AppData\Local\clear.fi
2013-05-26 21:56 - 2012-08-02 13:35 - 00000000 ____D C:\Program Files (x86)\Acer
2013-05-26 21:56 - 2012-08-02 13:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-26 21:56 - 2012-08-02 13:29 - 00000000 ____D C:\ProgramData\WildTangent
2013-05-26 21:51 - 2013-05-26 21:44 - 00000000 ___RD C:\Windows\BrowserChoice
2013-05-26 21:51 - 2012-08-02 13:25 - 00000000 ____D C:\ProgramData\PRICache
2013-05-26 21:45 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-26 21:41 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\oobe
2013-05-26 21:38 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-26 21:37 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-26 21:36 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-26 21:36 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-05-26 21:22 - 2013-05-26 21:21 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\dennis\Downloads\spybot-2.1.exe
2013-05-26 20:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-05-26 20:50 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\NDF
2013-05-26 20:49 - 2013-05-26 20:49 - 00000117 ____A C:\Windows\System32\netcfg-2419578.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2362562.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2362468.txt
2013-05-26 20:48 - 2013-05-26 20:48 - 00000117 ____A C:\Windows\System32\netcfg-2357921.txt
2013-05-26 20:47 - 2012-11-30 23:38 - 00000219 ____A C:\Users\dennis\Desktop\Left 4 Dead 2.url
2013-05-26 20:46 - 2013-05-26 20:46 - 00000219 ____A C:\Users\dennis\Desktop\Counter-Strike Global Offensive.url
2013-05-26 20:19 - 2013-05-26 20:19 - 00000000 ____D C:\Encryption
2013-05-26 20:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\restore
2013-05-26 20:13 - 2013-05-26 20:12 - 08531968 ____A C:\Users\dennis\Downloads\SteamInstall_German.msi
2013-05-26 20:10 - 2013-05-26 20:10 - 00000117 ____A C:\Windows\System32\netcfg-85265.txt
2013-05-26 20:08 - 2013-05-26 20:08 - 00000117 ____A C:\Windows\System32\netcfg-1030421.txt
2013-05-26 20:02 - 2013-05-26 20:02 - 00050145 ____A C:\Users\dennis\Downloads\FRST.txt
2013-05-26 20:02 - 2013-05-26 20:01 - 00012701 ____A C:\Users\dennis\Downloads\Addition.txt
2013-05-26 19:59 - 2013-05-26 19:59 - 00000000 ____D C:\FRST
2013-05-26 19:59 - 2013-05-26 19:58 - 01915176 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2013-05-26 19:56 - 2013-05-26 19:56 - 00002220 ____A C:\Users\dennis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-05-26 19:55 - 2013-05-26 19:56 - 00001082 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-05-26 19:55 - 2013-05-26 19:55 - 00000167 ____A C:\Windows\System32\netcfg-276171.txt
2013-05-26 19:55 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-05-26 19:54 - 2013-05-26 19:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-26 19:54 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-05-26 19:52 - 2013-05-26 19:52 - 00000117 ____A C:\Windows\System32\netcfg-80171.txt
2013-05-26 19:50 - 2013-05-26 19:50 - 00000117 ____A C:\Windows\System32\netcfg-583093.txt
2013-05-26 19:50 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-26 19:48 - 2013-05-26 19:48 - 00000117 ____A C:\Windows\System32\netcfg-476375.txt
2013-05-26 19:39 - 2013-05-26 19:37 - 00000000 ___HD C:\kleaner.tmp
2013-05-26 19:38 - 2013-05-26 19:38 - 00000117 ____A C:\Windows\System32\netcfg-3715921.txt
2013-05-26 19:21 - 2013-05-26 19:21 - 00000246 ____A C:\Users\dennis\Downloads\defogger_enable.log
2013-05-26 19:21 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Mozilla
2013-05-26 19:20 - 2013-05-26 19:20 - 00000000 ____D C:\Users\dennis\AppData\Local\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 19:18 - 2013-05-26 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 19:17 - 2013-05-26 19:17 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0 (1).exe
2013-05-26 19:17 - 2013-05-26 19:17 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Macromedia
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186703.txt
2013-05-26 19:13 - 2013-05-26 19:13 - 00000117 ____A C:\Windows\System32\netcfg-2186203.txt
2013-05-26 18:53 - 2013-05-26 18:53 - 00000000 ____D C:\Users\dennis\AppData\Local\EgisTec IPS
2013-05-26 18:53 - 2012-08-02 13:36 - 00000000 ____D C:\ProgramData\EgisTec IPS
2013-05-26 18:48 - 2013-05-26 18:48 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Atheros
2013-05-26 18:47 - 2012-08-02 14:09 - 00000000 ___HD C:\OEM
2013-05-26 18:46 - 2013-05-26 18:46 - 00002609 ____A C:\Users\Public\Desktop\eBay.lnk
2013-05-26 18:46 - 2013-05-26 18:46 - 00000000 ____D C:\Program Files (x86)\OEM
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\lm
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Users\dennis\AppData\Roaming\Adobe
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Preload
2013-05-26 18:45 - 2013-05-26 18:45 - 00000000 ____D C:\Program Files\Accessory Store
2013-05-26 18:45 - 2012-11-30 22:43 - 00000000 ____D C:\Users\dennis\AppData\Local\Packages
2013-05-26 18:45 - 2012-09-04 21:53 - 00000000 ____D C:\ProgramData\OEM
2013-05-26 18:43 - 2013-05-26 18:43 - 00000020 ___SH C:\Users\dennis\ntuser.ini
2013-05-26 18:43 - 2013-05-26 18:43 - 00000000 ____D C:\Users\dennis\AppData\Local\VirtualStore
2013-05-26 18:43 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-05-26 18:39 - 2013-05-26 18:38 - 00043818 ____A C:\Windows\diagwrn.xml
2013-05-26 18:39 - 2013-05-26 18:38 - 00043818 ____A C:\Windows\diagerr.xml
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.004
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.003
2013-05-26 18:39 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.002
2013-05-26 18:39 - 2013-03-27 22:37 - 00000000 ____D C:\Users\dennis\Desktop\Divx
2013-05-26 18:39 - 2012-12-02 12:29 - 00000000 ____D C:\Users\dennis\Desktop\Energiefachberater
2013-05-26 18:39 - 2012-07-26 10:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-26 18:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-05-26 18:39 - 2012-07-26 09:21 - 00034581 ____A C:\Windows\setupact.log
2013-05-26 18:39 - 2012-07-26 07:37 - 00000000 __RHD C:\users\Default
2013-05-26 18:38 - 2013-05-26 18:38 - 00000117 ____A C:\Windows\System32\netcfg-87468.txt
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.004\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.003\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.002\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\UpdatusUser.000\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Vorlagen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Startmenü
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Netzwerkumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Lokale Einstellungen
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Eigene Dateien
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Druckumgebung
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Musik
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Documents\Eigene Bilder
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Verlauf
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\AppData\Local\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 __SHD C:\Users\dennis\Anwendungsdaten
2013-05-26 18:38 - 2013-05-26 18:38 - 00000000 ____D C:\users\UpdatusUser.000
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Lokale Einstellungen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Eigene Dateien
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Druckumgebung
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\AppData\Local\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Users\Default\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Vorlagen
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Startmenü
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Dokumente
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\ProgramData\Anwendungsdaten
2013-05-26 18:37 - 2013-05-26 18:37 - 00000000 __SHD C:\Program Files\Gemeinsame Dateien
2013-05-25 00:19 - 2013-05-25 00:15 - 165141856 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kav13.0.1.4190de-de.exe
2013-05-25 00:18 - 2013-05-25 00:15 - 176212264 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\kis13.0.1.4190de-de.exe
2013-05-25 00:17 - 2013-05-25 00:13 - 188740896 ____A (Kaspersky Lab) C:\Users\dennis\Downloads\pure13.0.2.558DE_4340.exe
2013-05-24 23:34 - 2013-05-24 23:34 - 00172052 ____A C:\Users\dennis\Documents\cc_20130524_233440.reg
2013-05-24 21:39 - 2013-05-24 21:39 - 00076252 ____A C:\Users\dennis\Downloads\Extras.Txt
2013-05-24 21:38 - 2013-05-24 21:38 - 00140104 ____A C:\Users\dennis\Downloads\OTL.Txt
2013-05-24 20:20 - 2013-05-24 20:20 - 00050477 ____A C:\Users\dennis\Downloads\Defogger.exe
2013-05-24 20:20 - 2013-05-24 20:18 - 00602112 ____A (OldTimer Tools) C:\Users\dennis\Downloads\OTL.exe
2013-05-24 19:36 - 2013-05-24 19:36 - 00377856 ____A C:\Users\dennis\Downloads\gmer_2.1.19163.exe
2013-05-24 19:25 - 2013-05-24 19:25 - 00003344 ____A C:\{7BCD4120-C69E-4398-888E-C6C2B5425867}
2013-05-24 19:22 - 2013-05-24 19:12 - 12917756 ____A C:\Users\dennis\Downloads\mbar-1.05.0.1001.zip
2013-05-24 18:45 - 2013-05-24 18:45 - 01183936 ____A (Developer Tribe (Pvt) Ltd. ) C:\Users\dennis\Downloads\setup_rr.exe
2013-05-24 18:42 - 2013-05-24 18:42 - 00483809 ____A (Lars Hederer ) C:\Users\dennis\Downloads\ntregopt-setup.exe
2013-05-24 18:15 - 2013-05-24 18:14 - 165050896 ____N (Symantec Corporation) C:\Users\dennis\Downloads\NIS_20.3.1.22_SYMTB_TMD_MRFTT_620_9001.exe
2013-05-24 18:12 - 2013-05-24 18:12 - 00065893 ____A C:\Users\dennis\Downloads\antivir11_rootkit.zip
2013-05-24 18:00 - 2013-05-24 18:00 - 02140631 ____A C:\Users\dennis\Downloads\SharePod_3.99.zip
2013-05-24 17:53 - 2013-05-24 17:52 - 01339288 ____A C:\Users\dennis\Downloads\sar_15_sfx.exe
2013-05-24 01:38 - 2013-02-11 21:34 - 00000000 ____D C:\Users\dennis\Desktop\11.02
2013-05-24 01:38 - 2013-02-10 20:11 - 00000000 ____D C:\Users\dennis\Desktop\Sandra
2013-05-24 01:38 - 2012-12-14 22:54 - 00000000 ____D C:\Users\dennis\Documents\Command and Conquer Generals Zero Hour Data
2013-05-23 21:59 - 2013-05-20 23:44 - 00000000 ____D C:\Users\dennis\Desktop\Musik
2013-05-23 21:49 - 2013-05-20 18:17 - 00000000 ____D C:\Users\dennis\Desktop\Best of Summer
2013-05-23 18:46 - 2013-05-23 18:46 - 00000000 ____D C:\Users\dennis\Desktop\RetroshARE
2013-05-17 03:33 - 2013-05-17 03:33 - 21151576 ____A (Mozilla) C:\Users\dennis\Downloads\Firefox Setup 21.0.exe
2013-05-17 00:35 - 2013-05-17 00:35 - 04346816 ____A (Piriform Ltd) C:\Users\dennis\Downloads\ccsetup401.exe
2013-05-16 21:42 - 2013-05-16 21:25 - 00000009 ____A C:\END
2013-05-16 21:34 - 2013-05-16 21:33 - 00081536 ____A (Conduit) C:\ministub.exe
2013-05-16 10:42 - 2013-05-16 10:42 - 03389035 ____A C:\Users\dennis\Downloads\eMule0.50a-Installer.exe
2013-05-16 01:27 - 2013-05-16 00:30 - 00000000 ____D C:\Users\dennis\dwhelper
2013-05-16 00:44 - 2013-05-16 00:44 - 00804552 ____A (Koyote-Lab Inc.) C:\Users\dennis\Downloads\FreeFLVConverter75Setup.exe
2013-05-15 01:14 - 2013-05-15 01:14 - 07757362 ____A C:\Users\dennis\Downloads\DIR-300_fw_revb_214b01_ALL_de_20130206.zip
2013-05-15 01:14 - 2013-05-15 01:14 - 02501599 ____A C:\Users\dennis\Downloads\DIR-300_fw_reva_106b02_ALL_de_20130411.zip
2013-05-15 01:11 - 2013-05-15 01:11 - 00001908 ____A C:\Users\dennis\Downloads\config.bin
2013-05-07 22:07 - 2013-05-26 21:50 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-07 22:07 - 2013-05-26 21:50 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-03 16:15 - 2013-05-26 20:50 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2012-07-26 01:55] - [2012-07-26 05:08] - 0516608 ____A (Microsoft Corporation) 93AB226C07A9789B2EC7B41F73602F76
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-07-26 02:00] - [2012-07-26 05:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA
C:\Windows\SysWOW64\svchost.exe
[2012-07-26 02:01] - [2012-07-26 05:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D
C:\Windows\System32\services.exe
[2012-07-26 07:26] - [2012-07-26 07:26] - 0410624 ____A (Microsoft Corporation) 754A2CC1F32107EA87CBD305ABE3E618
C:\Windows\System32\User32.dll
[2012-07-26 02:01] - [2012-07-26 05:07] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE
C:\Windows\SysWOW64\User32.dll
[2012-07-26 02:02] - [2012-07-26 02:02] - 1126912 ____A (Microsoft Corporation) 8A93F57772FD24959F76A65FF79D282D
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2012-08-02 13:15
==================== End Of Log ============================
|
|
| Themen zu Verseuchter Laptop Windows 8 64 bit version |
| aktive, autostart, benutzer, e-mail, entfernen, entfernung, gelöscht, gestartet, getarnt, hijack, hijackthis, kaspersky, laptop, log, netzwerk, norton, prozesse, rootkits, systeme, taskmanager, version, virenentfernung, windows, windows 8 64, windows 8 64 bit, wissen, zusätzlich |
