Log analysis and evaluation: GVU Trojan - system already restored!

04.07.2013, 16:15   #1
stammuser
 
GVU Trojan - system already restored!



Hello everyone,

unfortunately I also caught the GVU Trojan today. I was able to restore my system via "Samsung Recovery" (essentially resetting it to factory settings).

My hard drive has two partitions: the Windows partition and one other partition. I only reset the Windows partition, but I want to make sure that I don't have any further virus on my computer.

Here are the log files that you apparently need:

FRST:
Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Rave (administrator) on 04-07-2013 17:05:12
Running from C:\Users\Rave\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(McAfee, Inc.) C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(McAfee, Inc.) c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\EasySpeedUpManager\ProgressDlg.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corp.) C:\Windows\system32\defrag.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\PROGRA~2\mcafee\msc\mcshell.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\Core\mchost.exe
(Dropbox, Inc.) C:\Users\Rave\AppData\Roaming\Dropbox\bin\Dropbox.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [17412200 2010-05-05] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey [645328 2009-05-01] (McAfee, Inc.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [95848 2010-05-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [90216 2010-05-06] (NVIDIA Corporation)
Startup: C:\Users\Rave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
HKCU SearchScopes: DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: No Name - C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

==================== Services (Whitelisted) =================

S2 0224541372948240mcinstcleanup; C:\Windows\TEMP\022454~1.EXE [828032 2012-06-14] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [110312 2009-12-08] (McAfee, Inc.)
R2 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [865832 2009-05-01] (McAfee, Inc.)
R2 McNASvc; c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe [2482848 2009-04-09] (McAfee, Inc.)
R3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
R2 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [359952 2009-04-09] (McAfee, Inc.)
R2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
S4 McSysmon; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-06-09] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [26640 2009-04-09] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 17:05 - 2013-07-04 17:05 - 00000000 ____D C:\FRST
2013-07-04 17:04 - 2013-07-04 17:04 - 01934636 ____A (Farbar) C:\Users\Rave\Downloads\FRST64.exe
2013-07-04 16:56 - 2013-07-04 17:03 - 00000000 ___RD C:\Users\Rave\Dropbox
2013-07-04 16:56 - 2013-07-04 16:56 - 00001037 ____A C:\Users\Rave\Desktop\Dropbox.lnk
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __RSD C:\Users\Rave\Documents\My Stationery
2013-07-04 16:53 - 2013-07-04 17:07 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Dropbox
2013-07-04 16:50 - 2013-07-04 16:51 - 33578320 ____A (Dropbox, Inc.) C:\Users\Rave\Downloads\Dropbox 2.2.8.exe
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Local\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 16:31 - 2013-07-04 16:32 - 00000000 ____D C:\Users\Rave\Documents\Youcam
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\AppData\Local\Microsoft Help
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Public\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 16:29 - 2013-07-04 16:29 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Macromedia
2013-07-04 16:25 - 2013-07-04 16:32 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Adobe
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Google
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Local\Google
2013-07-04 16:21 - 2013-07-04 16:21 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 16:16 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\Power2Go
2013-07-04 16:15 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\VirtualStore
2013-07-04 16:14 - 2013-07-04 16:14 - 00000882 ____A C:\Users\Public\Desktop\MultimediaPOP.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\UpdatusUser\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default User\Desktop\CyberLink YouCam.lnk
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files\Windows Live
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-04 16:12 - 2009-08-05 23:24 - 00061280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2013-07-04 16:11 - 2013-07-04 16:11 - 00031343 ____A C:\Windows\DirectX.log
2013-07-04 16:11 - 2012-02-15 08:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-07-04 16:11 - 2012-02-15 07:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-07-04 16:11 - 2012-02-15 06:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-07-04 16:11 - 2012-02-15 06:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-07-04 16:11 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-07-04 16:11 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-07-04 16:10 - 2013-07-04 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 16:09 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-07-04 16:07 - 2013-07-04 16:12 - 00138093 ____A C:\Windows\2013-07-04_16-07_378-97hcv2tg.log
2013-07-04 16:07 - 2013-07-04 16:07 - 00062648 ____A C:\Users\Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 16:07 - 2013-07-04 16:07 - 00000033 ____A C:\Windows\0
2013-07-04 16:07 - 2013-07-04 16:07 - 00000000 ____D C:\ProgramData\OberonGameConsole
2013-07-04 16:04 - 2012-06-03 00:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-07-04 16:04 - 2012-06-03 00:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-07-04 16:04 - 2012-06-03 00:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-07-04 16:04 - 2012-06-03 00:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-07-04 16:04 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-07-04 16:04 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-07-04 16:01 - 2013-07-04 16:07 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-07-04 16:01 - 2013-07-04 16:01 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Users\Rave\AppData\Local\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 16:01 - 2010-01-16 07:15 - 00131368 ____A C:\ProgramData\FullRemove.exe
2013-07-04 16:00 - 2013-07-04 16:56 - 00000000 ____D C:\users\Rave
2013-07-04 16:00 - 2013-07-04 16:00 - 00000020 ___SH C:\Users\Rave\ntuser.ini
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Vorlagen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Startmenü
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Netzwerkumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Lokale Einstellungen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Eigene Dateien
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Druckumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Musik
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Bilder
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Verlauf
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 ____A C:\Windows\System32\Drivers\144D_SAMSUNG_N_Q330_03UU.mrk
2013-07-04 15:58 - 2013-07-04 15:58 - 00000000 __SHD C:\Recovery

==================== One Month Modified Files and Folders =======

2013-07-05 01:53 - 2010-06-28 05:14 - 00000000 ____D C:\ProgramData\WinClon
2013-07-04 17:07 - 2013-07-04 16:53 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Dropbox
2013-07-04 17:05 - 2013-07-04 17:05 - 00000000 ____D C:\FRST
2013-07-04 17:04 - 2013-07-04 17:04 - 01934636 ____A (Farbar) C:\Users\Rave\Downloads\FRST64.exe
2013-07-04 17:03 - 2013-07-04 16:56 - 00000000 ___RD C:\Users\Rave\Dropbox
2013-07-04 16:56 - 2013-07-04 16:56 - 00001037 ____A C:\Users\Rave\Desktop\Dropbox.lnk
2013-07-04 16:56 - 2013-07-04 16:00 - 00000000 ____D C:\users\Rave
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __RSD C:\Users\Rave\Documents\My Stationery
2013-07-04 16:51 - 2013-07-04 16:50 - 33578320 ____A (Dropbox, Inc.) C:\Users\Rave\Downloads\Dropbox 2.2.8.exe
2013-07-04 16:46 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 16:46 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Local\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 16:32 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\Documents\Youcam
2013-07-04 16:32 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Adobe
2013-07-04 16:32 - 2010-06-28 05:05 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\AppData\Local\Microsoft Help
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Public\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 16:30 - 2010-06-28 05:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-04 16:29 - 2013-07-04 16:29 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Macromedia
2013-07-04 16:28 - 2010-07-06 21:31 - 00680010 ____A C:\Windows\System32\perfh010.dat
2013-07-04 16:28 - 2010-07-06 21:31 - 00124006 ____A C:\Windows\System32\perfc010.dat
2013-07-04 16:28 - 2010-07-06 21:25 - 00643866 ____A C:\Windows\System32\perfh007.dat
2013-07-04 16:28 - 2010-07-06 21:25 - 00126394 ____A C:\Windows\System32\perfc007.dat
2013-07-04 16:28 - 2010-07-06 21:19 - 00684954 ____A C:\Windows\System32\perfh00C.dat
2013-07-04 16:28 - 2010-07-06 21:19 - 00127070 ____A C:\Windows\System32\perfc00C.dat
2013-07-04 16:28 - 2009-07-14 07:13 - 03085342 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 16:26 - 2010-06-28 04:57 - 02054395 ____A C:\Windows\WindowsUpdate.log
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Google
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Local\Google
2013-07-04 16:25 - 2010-06-28 05:30 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-04 16:24 - 2010-06-28 05:29 - 00004619 ____A C:\Windows\System32\Config.MPF
2013-07-04 16:21 - 2013-07-04 16:21 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 16:21 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 16:21 - 2009-07-14 06:51 - 00037823 ____A C:\Windows\setupact.log
2013-07-04 16:21 - 2009-07-14 06:45 - 00276976 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-04 16:20 - 2010-06-28 05:56 - 00658854 ____A C:\Windows\PFRO.log
2013-07-04 16:16 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\Power2Go
2013-07-04 16:16 - 2013-07-04 16:15 - 00000000 ____D C:\Users\Rave\AppData\Local\VirtualStore
2013-07-04 16:14 - 2013-07-04 16:14 - 00000882 ____A C:\Users\Public\Desktop\MultimediaPOP.lnk
2013-07-04 16:14 - 2010-07-06 21:10 - 00000000 ____D C:\Windows\MSetup
2013-07-04 16:14 - 2010-06-28 05:03 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-04 16:14 - 2010-06-28 04:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 16:14 - 2010-06-28 04:53 - 00000162 ____A C:\setup.log
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\UpdatusUser\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default User\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2010-06-28 05:05 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-07-04 16:13 - 2010-06-28 04:56 - 00000157 ____A C:\Windows\setup.log
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files\Windows Live
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-04 16:12 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-04 16:12 - 2013-07-04 16:07 - 00138093 ____A C:\Windows\2013-07-04_16-07_378-97hcv2tg.log
2013-07-04 16:11 - 2013-07-04 16:11 - 00031343 ____A C:\Windows\DirectX.log
2013-07-04 16:10 - 2013-07-04 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-07-04 16:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-04 16:07 - 2013-07-04 16:07 - 00062648 ____A C:\Users\Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 16:07 - 2013-07-04 16:07 - 00000033 ____A C:\Windows\0
2013-07-04 16:07 - 2013-07-04 16:07 - 00000000 ____D C:\ProgramData\OberonGameConsole
2013-07-04 16:07 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-07-04 16:03 - 2010-06-28 05:16 - 00000000 ____D C:\ProgramData\McAfee
2013-07-04 16:02 - 2010-06-28 06:00 - 00014897 ____A C:\Windows\SetDisplayResolution.log
2013-07-04 16:01 - 2013-07-04 16:01 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Users\Rave\AppData\Local\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 16:00 - 2013-07-04 16:00 - 00000020 ___SH C:\Users\Rave\ntuser.ini
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Vorlagen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Startmenü
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Netzwerkumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Lokale Einstellungen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Eigene Dateien
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Druckumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Musik
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Bilder
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Verlauf
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 ____A C:\Windows\System32\Drivers\144D_SAMSUNG_N_Q330_03UU.mrk
2013-07-04 16:00 - 2010-06-28 05:59 - 00001336 ____A C:\Windows\LCDStretchMode.log
2013-07-04 15:58 - 2013-07-04 15:58 - 00000000 __SHD C:\Recovery
2013-07-04 15:58 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2010-06-28 06:21

==================== End Of Log ============================
and ADDITION:

Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Rave at 2013-07-04 17:08:04
Running from C:\Users\Rave\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (x32 Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34)
Adobe Reader 9.1 - Deutsch (x32 Version: 9.1.0)
Alice Greenfingers (x32)
Atheros Client Installation Program (x32 Version: 1.0.2.1119)
BatteryLifeExtender (x32 Version: 1.0.3)
Bonbon Quest (x32)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Cake Mania (x32)
ChargeableUSB (x32 Version: 1.0.0.0)
CyberLink DVD Suite (x32 Version: 6.0.2806)
CyberLink LabelPrint (x32 Version: 2.5.1916)
CyberLink Power2Go (x32 Version: 6.0.3108a)
CyberLink PowerDirector (x32 Version: 7.0.3213)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b)
CyberLink PowerProducer (x32 Version: 5.0.1.1812)
CyberLink YouCam (x32 Version: 2.0.3911)
Daycare Nightmare (x32)
Dropbox (HKCU Version: 2.2.8)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.3.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
Flip Words (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
Gem Shop (x32)
Insaniquarium Deluxe (x32)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2104)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Mahjong Escape Ancient China (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
McAfee SecurityCenter (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MultimediaPOP (x32 Version: 1.0)
Norton Online Backup (x32 Version: 2.1.13580)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA Updatus (x32 Version: 1.0.3)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 4.2 (x32 Version: 4.2.155)
Slingo (x32)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
User Guide (x32 Version: 1.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points =========================

04-07-2013 14:00:22 Installed Adobe Reader 9.1 - Deutsch.
04-07-2013 14:03:36 Windows Update
04-07-2013 14:11:02 DirectX wurde installiert
04-07-2013 14:12:36 Installiert YouCam
04-07-2013 14:13:50 Installed MultimediaPOP
04-07-2013 14:14:21 Installed Adobe AIR
04-07-2013 14:16:25 Windows Update
04-07-2013 14:30:24 Installed Microsoft Office Professional 2010-Testversion

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {212959D5-5770-4FF1-92AF-CB74F26E80D5} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.)
Task: {3C5E96EE-4009-4E5B-BA42-FB87C04E5E30} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {3CC57143-F009-4A14-936B-914ACE2E02C4} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File
Task: {4A153465-2DFB-40E0-B6F9-8E8D5307068F} - System32\Tasks\McQcTask => C:\PROGRA~2\mcafee\mqc\QcConsol.exe [2009-04-09] (McAfee, Inc.)
Task: {4A75A083-5425-49D5-98E4-7A86D2AB3FDB} - System32\Tasks\SamsungSupportCenterSettings => %programfiles(x86)%\Common Files\Samsung\SSCSettings\SSCSettings.exe No File
Task: {8C470476-9A45-40C4-B3DC-B92F68974BC4} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File
Task: {9D2922E8-3C75-4815-A329-DEC12C0FDAE4} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File
Task: {AE636520-2E4B-4CDC-A6C5-C145CCE4BB0D} - System32\Tasks\McDefragTask => C:\PROGRA~2\mcafee\mqc\QcConsol.exe [2009-04-09] (McAfee, Inc.)
Task: {CCA18D8F-FCFD-4DBB-BF39-0965FE043642} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-05-20] (Samsung Electronics Co., Ltd.)
Task: {E2D27C30-AEB4-45A6-9005-02CEF1D319E2} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 08:55:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.


System errors:
=============
Error: (07/04/2013 04:23:40 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420


Microsoft Office Sessions:
=========================
Error: (07/04/2013 08:55:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.


==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 3892.49 MB
Available physical RAM: 1131.23 MB
Total Pagefile: 7783.12 MB
Available Pagefile: 5323.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:148.39 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:266.66 GB) (Free:47.37 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DEC82739)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)

==================== End Of Log ============================
I hope you have everything you need

Thanks in advance for your help

Alt 04.07.2013, 16:21   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 04.07.2013, 19:55   #3
stammuser
 



Sorry, that took a while:

Combofix Logfile:
Code:
ComboFix 13-07-04.01 - Rave 04.07.2013  20:42:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3892.2724 [GMT 2:00]
ausgeführt von:: c:\users\beep\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-04 bis 2013-07-04  ))))))))))))))))))))))))))))))
.
.
2013-07-04 18:47 . 2013-07-04 18:47	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-04 18:47 . 2013-07-04 18:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-04 17:23 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2013-07-04 17:23 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2013-07-04 16:27 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-07-04 16:27 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-07-04 16:27 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-07-04 16:27 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-07-04 16:03 . 2009-11-25 10:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2013-07-04 16:03 . 2009-11-25 10:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2013-07-04 16:03 . 2009-11-25 10:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2013-07-04 16:03 . 2009-11-25 10:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2013-07-04 16:03 . 2009-11-25 10:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2013-07-04 16:03 . 2009-11-25 10:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2013-07-04 16:03 . 2009-11-25 10:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2013-07-04 16:03 . 2009-11-25 10:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2013-07-04 16:03 . 2009-11-25 10:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2013-07-04 16:03 . 2009-11-25 10:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-07-04 16:01 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-07-04 15:38 . 2013-06-02 15:11	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-07-04 15:36 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-07-04 15:36 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-07-04 15:36 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-07-04 15:36 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-07-04 15:34 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-07-04 15:34 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-07-04 15:34 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-07-04 15:34 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-07-04 15:34 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-07-04 15:34 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-07-04 15:34 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-07-04 15:26 . 2013-07-04 15:26	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-04 15:26 . 2013-07-04 15:26	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-04 15:26 . 2013-07-04 15:26	--------	d-----w-	c:\windows\system32\Macromed
2013-07-04 15:22 . 2012-03-01 06:54	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-07-04 15:22 . 2012-03-01 06:40	80896	----a-w-	c:\windows\system32\imagehlp.dll
2013-07-04 15:22 . 2012-03-01 05:45	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-07-04 15:22 . 2012-03-01 06:35	5120	----a-w-	c:\windows\system32\wmi.dll
2013-07-04 15:22 . 2012-03-01 05:40	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-07-04 15:15 . 2010-03-04 04:40	184832	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2013-07-04 15:15 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2013-07-04 15:06 . 2012-04-07 12:18	3213824	----a-w-	c:\windows\system32\msi.dll
2013-07-04 15:06 . 2012-04-07 11:34	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2013-07-04 15:05 . 2013-07-04 15:05	--------	d-----w-	C:\FRST
2013-07-04 15:04 . 2013-03-02 05:43	9377280	----a-w-	c:\windows\system32\mshtml.dll
2013-07-04 15:02 . 2013-03-19 06:19	5497688	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-04 15:01 . 2012-12-07 03:21	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2013-07-04 15:01 . 2012-12-07 03:45	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2013-07-04 15:01 . 2012-12-07 03:45	51712	----a-w-	c:\windows\system32\esrb.rs
2013-07-04 15:01 . 2012-12-07 03:21	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2013-07-04 15:01 . 2012-12-07 03:45	23552	----a-w-	c:\windows\system32\oflc.rs
2013-07-04 15:01 . 2012-12-07 03:45	55296	----a-w-	c:\windows\system32\cero.rs
2013-07-04 15:01 . 2012-12-07 03:21	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2013-07-04 15:01 . 2012-12-07 03:21	55296	----a-w-	c:\windows\SysWow64\cero.rs
2013-07-04 15:00 . 2013-04-12 14:36	1653096	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-07-04 15:00 . 2013-03-01 03:32	3150848	----a-w-	c:\windows\system32\win32k.sys
2013-07-04 15:00 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2013-07-04 15:00 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2013-07-04 14:55 . 2013-02-12 15:37	3138048	----a-w-	c:\windows\system32\mstscax.dll
2013-07-04 14:55 . 2013-02-12 15:13	2691072	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-07-04 14:55 . 2013-02-12 15:07	131072	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-07-04 14:55 . 2013-02-12 15:42	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-07-04 14:55 . 2013-02-12 15:31	158208	----a-w-	c:\windows\system32\aaclient.dll
2013-07-04 14:55 . 2013-02-12 13:59	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-07-04 14:53 . 2012-06-16 05:25	609792	----a-w-	c:\windows\system32\vbscript.dll
2013-07-04 14:52 . 2012-11-09 05:34	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-04 14:51 . 2010-06-29 05:35	4582912	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2013-07-04 14:50 . 2011-12-28 03:59	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2013-07-04 14:49 . 2011-05-03 05:21	976896	----a-w-	c:\windows\system32\inetcomm.dll
2013-07-04 14:48 . 2010-05-05 07:37	483840	----a-w-	c:\windows\system32\StructuredQuery.dll
2013-07-04 14:34 . 2013-07-04 14:34	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-07-04 14:31 . 2013-07-04 14:31	--------	d-----w-	c:\programdata\Microsoft Help
2013-07-04 14:31 . 2013-07-04 14:31	--------	d-----w-	c:\users\Public\CyberLink
2013-07-04 14:29 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2013-07-04 14:29 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-07-04 14:14 . 2013-07-04 14:14	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2013-07-04 14:14 . 2002-07-25 15:06	282624	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2013-07-04 14:09 . 2013-07-04 14:09	--------	d-----w-	c:\windows\PCHEALTH
2013-07-04 14:01 . 2013-07-04 14:01	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-07-04 14:00 . 2013-07-04 14:56	--------	d-----w-	c:\users\Rave
2013-07-04 13:58 . 2013-07-04 13:58	--------	d-----w-	C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Rave\AppData\Roaming\Spotify\Spotify.exe" [2013-07-04 4643328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
.
c:\users\Rave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rave\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-22 27995640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Rave\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 413720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\
FF - ExtSQL: 2013-07-04 16:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-04 20:07; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-04  20:49:44
ComboFix-quarantined-files.txt  2013-07-04 18:49
.
Vor Suchlauf: 8 Verzeichnis(se), 155.156.664.320 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 154.865.840.128 Bytes frei
.
- - End Of File - - 9F136A03009E5D9DCA967F95A3A829D5
         

Alt 04.07.2013, 20:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber


Alt 04.07.2013, 22:32   #5
stammuser
 



So here are the logs:
adw cleaner s1:
Code:
# AdwCleaner v2.304 - Datei am 04/07/2013 um 21:07:47 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Rave - RAVE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rave\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [988 octets] - [04/07/2013 21:07:47]

########## EOF - C:\AdwCleaner[S1].txt - [1047 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rave on 04.07.2013 at 21:10:40,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.07.2013 at 21:14:23,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02f16814025faf46a7f9a9262a586dd0
# engine=14274
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 09:18:02
# local_time=2013-07-04 11:18:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776573 100 94 8642 124602532 0 0
# scanned=198448
# found=0
# cleaned=0
# scan_time=7140
         
And AdwCleaner once more:

Code:
# AdwCleaner v2.304 - Datei am 04/07/2013 um 23:24:22 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Rave - RAVE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rave\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1116 octets] - [04/07/2013 21:07:47]
AdwCleaner[S2].txt - [767 octets] - [04/07/2013 23:24:22]

########## EOF - C:\AdwCleaner[S2].txt - [826 octets] ##########
         
Thanks for your effort.


Alt 05.07.2013, 09:08   #6
schrauber
/// the machine
/// TB-Ausbilder
 

A fresh FRST log, please. Any problems still?

Alt 05.07.2013, 17:48   #7
stammuser
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Rave (administrator) on 05-07-2013 18:46:41
Running from C:\Users\Rave\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Rave\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Rave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Rave\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [17412200 2010-05-05] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKCU\...\Run: [Spotify] "C:\Users\Rave\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-07-04] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Rave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-04] (Spotify Ltd)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [95848 2010-05-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [90216 2010-05-06] (NVIDIA Corporation)
Startup: C:\Users\Rave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: No Name - C:\Users\Rave\AppData\Roaming\Mozilla\Firefox\Profiles\v86ins7n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 23:33 - 2013-07-04 23:33 - 00000894 ____A C:\Users\Rave\Desktop\AdwCleaner[S2].txt
2013-07-04 23:24 - 2013-07-04 23:24 - 00000894 ____A C:\AdwCleaner[S2].txt
2013-07-04 21:14 - 2013-07-04 21:14 - 00000624 ____A C:\Users\Rave\Desktop\JRT.txt
2013-07-04 21:10 - 2013-07-04 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 21:10 - 2013-07-04 21:10 - 00000000 ____D C:\JRT
2013-07-04 21:09 - 2013-07-04 21:09 - 00001116 ____A C:\Users\Rave\Desktop\AdwCleaner[S1].txt
2013-07-04 21:07 - 2013-07-04 21:08 - 00001116 ____A C:\AdwCleaner[S1].txt
2013-07-04 21:05 - 2013-07-04 21:05 - 02347384 ____A (ESET) C:\Users\Rave\Downloads\esetsmartinstaller_enu.exe
2013-07-04 21:05 - 2013-07-04 21:05 - 00650027 ____A C:\Users\Rave\Downloads\adwcleaner.exe
2013-07-04 21:05 - 2013-07-04 21:05 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Rave\Downloads\JRT.exe
2013-07-04 20:53 - 2013-05-02 02:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-07-04 20:49 - 2013-07-04 20:49 - 00019255 ____A C:\ComboFix.txt
2013-07-04 20:41 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-04 20:41 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-04 20:41 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-04 20:41 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-04 20:41 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-04 20:41 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-04 20:41 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-04 20:41 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-04 20:20 - 2013-07-04 20:20 - 00000000 ____D C:\Users\Rave\AppData\Local\Macromedia
2013-07-04 20:19 - 2013-07-04 20:19 - 00000090 ____A C:\Users\Rave\Documents\Powers.log
2013-07-04 20:12 - 2013-07-04 20:12 - 00000027 ____A C:\Windows\SysWOW64\MPFServiceFailureCount.txt
2013-07-04 19:23 - 2010-09-14 08:45 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2013-07-04 19:23 - 2010-09-14 08:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2013-07-04 18:27 - 2012-07-26 06:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-07-04 18:27 - 2012-07-26 06:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-07-04 18:27 - 2012-07-26 04:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-07-04 18:27 - 2012-06-02 16:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-04 18:03 - 2009-11-25 12:47 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-07-04 18:03 - 2009-11-25 12:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-07-04 18:03 - 2009-11-25 12:47 - 00109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-07-04 18:03 - 2009-11-25 12:47 - 00048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-07-04 18:01 - 2010-02-23 10:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2013-07-04 17:38 - 2013-06-02 17:11 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-04 17:36 - 2012-12-16 18:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-07-04 17:36 - 2012-12-16 16:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-07-04 17:36 - 2012-12-16 16:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-04 17:36 - 2012-12-16 16:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-04 17:34 - 2012-07-26 05:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-07-04 17:34 - 2012-07-26 05:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-07-04 17:34 - 2012-07-26 05:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-07-04 17:34 - 2012-07-26 05:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-07-04 17:34 - 2012-07-26 05:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-07-04 17:34 - 2012-07-26 04:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-07-04 17:34 - 2012-07-26 04:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-07-04 17:34 - 2012-06-02 16:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-04 17:32 - 2013-07-04 20:49 - 00000000 ____D C:\Qoobox
2013-07-04 17:31 - 2013-07-04 20:48 - 00000000 ____D C:\Windows\erdnt
2013-07-04 17:29 - 2013-07-04 17:29 - 05085494 ____R (Swearware) C:\Users\Rave\Desktop\ComboFix.exe
2013-07-04 17:27 - 2013-07-04 17:28 - 00000000 ____D C:\Users\Rave\AppData\Local\Spotify
2013-07-04 17:27 - 2013-07-04 17:27 - 00001799 ____A C:\Users\Rave\Desktop\Spotify.lnk
2013-07-04 17:26 - 2013-07-05 18:45 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Spotify
2013-07-04 17:26 - 2013-07-04 17:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-04 17:26 - 2013-07-04 17:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-04 17:26 - 2013-07-04 17:26 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-04 17:22 - 2012-03-01 08:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-07-04 17:22 - 2012-03-01 08:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-07-04 17:22 - 2012-03-01 08:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-07-04 17:22 - 2012-03-01 07:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-07-04 17:22 - 2012-03-01 07:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-07-04 17:20 - 2013-07-04 17:20 - 00092776 ____A (Spotify Ltd) C:\Users\Rave\Downloads\SpotifySetup.exe
2013-07-04 17:15 - 2010-03-04 06:40 - 00184832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-07-04 17:15 - 2010-03-04 06:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-07-04 17:08 - 2013-07-04 17:08 - 00008047 ____A C:\Users\Rave\Downloads\Addition.txt
2013-07-04 17:06 - 2012-04-07 14:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-07-04 17:06 - 2012-04-07 13:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-07-04 17:05 - 2013-07-04 17:05 - 00000000 ____D C:\FRST
2013-07-04 17:04 - 2013-07-04 17:04 - 01934636 ____A (Farbar) C:\Users\Rave\Downloads\FRST64.exe
2013-07-04 17:04 - 2013-03-02 07:43 - 09377280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-04 17:04 - 2013-03-02 07:02 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-04 17:03 - 2013-03-02 07:49 - 01499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-04 17:03 - 2013-03-02 07:49 - 01198080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-04 17:03 - 2013-03-02 07:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-04 17:03 - 2013-03-02 07:44 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-07-04 17:03 - 2013-03-02 07:43 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-04 17:03 - 2013-03-02 07:43 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-04 17:03 - 2013-03-02 07:43 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-04 17:03 - 2013-03-02 07:43 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-04 17:03 - 2013-03-02 07:43 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-04 17:03 - 2013-03-02 07:42 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-04 17:03 - 2013-03-02 07:42 - 02463744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-04 17:03 - 2013-03-02 07:42 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-04 17:03 - 2013-03-02 07:42 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-04 17:03 - 2013-03-02 07:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-04 17:03 - 2013-03-02 07:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-04 17:03 - 2013-03-02 07:05 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-04 17:03 - 2013-03-02 07:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-04 17:03 - 2013-03-02 07:02 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-04 17:03 - 2013-03-02 07:02 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-07-04 17:03 - 2013-03-02 07:02 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-04 17:03 - 2013-03-02 07:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 02077184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-04 17:03 - 2013-03-02 07:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-04 17:03 - 2013-03-02 06:38 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-04 17:03 - 2013-03-02 06:03 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-04 17:03 - 2013-03-02 05:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-04 17:03 - 2013-03-02 05:56 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-04 17:03 - 2013-03-02 05:30 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-04 17:03 - 2013-03-02 05:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-04 17:03 - 2013-03-02 05:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-04 17:03 - 2011-05-04 07:30 - 02326016 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-07-04 17:03 - 2011-05-04 07:28 - 02228224 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-07-04 17:03 - 2011-05-04 07:28 - 00779264 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-07-04 17:03 - 2011-05-04 07:28 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-07-04 17:03 - 2011-05-04 07:28 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2013-07-04 17:03 - 2011-05-04 07:28 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-07-04 17:03 - 2011-05-04 07:24 - 00593408 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-07-04 17:03 - 2011-05-04 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-07-04 17:03 - 2011-05-04 07:24 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-07-04 17:03 - 2011-05-04 06:53 - 01553920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-07-04 17:03 - 2011-05-04 06:52 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-07-04 17:03 - 2011-05-04 06:52 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-07-04 17:03 - 2011-05-04 06:52 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-07-04 17:03 - 2011-05-04 06:52 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-07-04 17:03 - 2011-05-04 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-07-04 17:03 - 2011-05-04 06:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-07-04 17:03 - 2011-05-04 06:52 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-07-04 17:03 - 2011-05-04 06:52 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-07-04 17:03 - 2010-12-21 08:16 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-07-04 17:03 - 2010-12-21 08:16 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-07-04 17:03 - 2010-12-21 08:16 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-07-04 17:03 - 2010-12-21 08:16 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2013-07-04 17:03 - 2010-12-21 08:15 - 00264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2013-07-04 17:03 - 2010-12-21 08:15 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2013-07-04 17:03 - 2010-12-21 08:10 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-07-04 17:03 - 2010-12-21 07:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-07-04 17:03 - 2010-12-21 07:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-07-04 17:03 - 2010-12-21 07:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2013-07-04 17:03 - 2010-12-21 07:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-07-04 17:03 - 2010-12-21 07:38 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2013-07-04 17:03 - 2010-12-21 07:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-07-04 17:02 - 2013-03-19 08:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-04 17:02 - 2013-03-19 07:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-07-04 17:02 - 2013-03-19 07:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-04 17:02 - 2013-03-19 07:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-04 17:02 - 2013-03-19 06:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-04 17:02 - 2013-03-19 05:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-07-04 17:02 - 2012-12-07 07:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-07-04 17:02 - 2012-12-07 07:35 - 02745856 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-07-04 17:02 - 2012-12-07 07:04 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-04 17:02 - 2012-12-07 06:57 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-04 17:02 - 2012-12-07 05:45 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-07-04 17:02 - 2012-12-07 05:45 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-04 17:02 - 2012-12-07 05:21 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-04 17:01 - 2012-12-07 05:45 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-07-04 17:01 - 2012-12-07 05:45 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-07-04 17:01 - 2012-12-07 05:45 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-07-04 17:01 - 2012-12-07 05:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-07-04 17:01 - 2012-12-07 05:21 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-04 17:01 - 2012-12-07 05:21 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-04 17:01 - 2012-12-07 05:21 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-04 17:01 - 2012-12-07 05:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-04 17:00 - 2013-04-12 16:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-07-04 17:00 - 2013-03-01 05:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-04 17:00 - 2011-04-09 08:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-07-04 17:00 - 2011-04-09 07:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-07-04 16:59 - 2012-11-30 01:21 - 00420032 ____A C:\Windows\SysWOW64\locale.nls
2013-07-04 16:59 - 2012-11-30 01:19 - 00420032 ____A C:\Windows\System32\locale.nls
2013-07-04 16:56 - 2013-07-05 18:44 - 00000000 ___RD C:\Users\Rave\Dropbox
2013-07-04 16:56 - 2013-07-04 16:56 - 00001037 ____A C:\Users\Rave\Desktop\Dropbox.lnk
2013-07-04 16:56 - 2013-01-04 07:41 - 01893224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-04 16:56 - 2013-01-04 07:40 - 00287576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-07-04 16:56 - 2012-11-09 07:34 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-07-04 16:56 - 2012-11-09 06:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-04 16:56 - 2012-06-09 07:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-07-04 16:56 - 2012-06-09 06:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-04 16:56 - 2012-03-03 08:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-04 16:56 - 2012-03-03 08:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-04 16:56 - 2012-03-03 08:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-04 16:56 - 2012-03-03 08:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-04 16:56 - 2012-03-03 08:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-04 16:56 - 2012-03-03 07:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-04 16:56 - 2012-03-03 07:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-04 16:56 - 2012-03-03 07:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-04 16:56 - 2012-03-03 07:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-04 16:56 - 2012-03-03 07:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-04 16:56 - 2011-03-12 14:03 - 00662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-04 16:56 - 2011-03-12 13:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-04 16:56 - 2010-09-01 07:21 - 14627840 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-07-04 16:56 - 2010-09-01 07:12 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-07-04 16:56 - 2010-09-01 06:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-07-04 16:56 - 2010-09-01 06:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __RSD C:\Users\Rave\Documents\My Stationery
2013-07-04 16:55 - 2013-02-12 17:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-04 16:55 - 2013-02-12 17:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-04 16:55 - 2013-02-12 17:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-04 16:55 - 2013-02-12 17:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-04 16:55 - 2013-02-12 17:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-04 16:55 - 2013-02-12 15:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-04 16:54 - 2013-01-04 07:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-07-04 16:54 - 2013-01-04 07:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-07-04 16:54 - 2013-01-04 07:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-07-04 16:54 - 2013-01-04 07:36 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-07-04 16:54 - 2013-01-04 07:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-07-04 16:54 - 2013-01-04 07:30 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-07-04 16:54 - 2013-01-04 07:30 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 07:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:51 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-04 16:54 - 2013-01-04 06:51 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-04 16:54 - 2013-01-04 06:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 06:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 05:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-07-04 16:54 - 2013-01-04 04:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-04 16:54 - 2013-01-04 04:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-04 16:54 - 2013-01-04 04:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-04 16:54 - 2013-01-04 04:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-04 16:54 - 2013-01-04 04:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 04:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 04:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-04 16:54 - 2013-01-04 04:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-04 16:54 - 2012-11-02 07:30 - 02001408 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-07-04 16:54 - 2012-11-02 07:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-07-04 16:54 - 2012-11-02 06:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-04 16:54 - 2012-11-02 06:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-04 16:54 - 2012-02-11 08:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-07-04 16:54 - 2012-02-11 08:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-04 16:54 - 2010-08-04 09:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
2013-07-04 16:53 - 2013-07-05 18:45 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Dropbox
2013-07-04 16:53 - 2012-06-16 07:25 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-04 16:53 - 2012-06-16 07:25 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-04 16:53 - 2012-06-16 06:37 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-04 16:53 - 2012-06-16 06:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-04 16:53 - 2012-01-04 11:58 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2013-07-04 16:53 - 2012-01-04 11:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-07-04 16:53 - 2011-06-15 11:58 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2013-07-04 16:53 - 2011-06-15 11:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2013-07-04 16:53 - 2011-06-15 11:58 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2013-07-04 16:53 - 2011-06-15 11:58 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2013-07-04 16:53 - 2011-06-15 11:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2013-07-04 16:53 - 2011-06-15 11:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2013-07-04 16:53 - 2011-06-15 11:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2013-07-04 16:53 - 2011-06-15 11:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2013-07-04 16:53 - 2011-06-15 11:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2013-07-04 16:53 - 2011-02-26 08:23 - 02870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-04 16:53 - 2011-02-26 07:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-04 16:53 - 2010-08-31 06:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2013-07-04 16:53 - 2010-08-31 06:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2013-07-04 16:52 - 2012-11-09 07:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-07-04 16:52 - 2012-11-09 06:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-04 16:52 - 2012-06-02 07:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-07-04 16:52 - 2012-06-02 07:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-07-04 16:52 - 2012-06-02 07:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-07-04 16:52 - 2012-06-02 07:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-04 16:52 - 2012-06-02 06:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-04 16:52 - 2012-06-02 06:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-04 16:52 - 2012-06-02 06:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-04 16:52 - 2011-11-17 09:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-07-04 16:52 - 2011-11-17 09:11 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-07-04 16:52 - 2011-11-17 09:11 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-07-04 16:52 - 2011-11-17 09:08 - 01446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-07-04 16:52 - 2011-11-17 09:05 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-07-04 16:52 - 2011-10-26 07:22 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-07-04 16:52 - 2011-10-26 07:22 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-07-04 16:52 - 2011-10-26 06:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-07-04 16:52 - 2011-10-26 06:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-07-04 16:52 - 2011-04-29 05:13 - 00461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2013-07-04 16:52 - 2011-04-29 05:12 - 00399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-07-04 16:52 - 2011-04-29 05:12 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-07-04 16:52 - 2011-03-11 08:19 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2013-07-04 16:52 - 2011-03-11 08:19 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2013-07-04 16:52 - 2011-03-11 07:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2013-07-04 16:52 - 2011-03-11 07:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2013-07-04 16:52 - 2010-12-23 08:07 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2013-07-04 16:52 - 2010-12-23 08:07 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2013-07-04 16:52 - 2010-12-23 08:02 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-07-04 16:52 - 2010-12-23 07:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2013-07-04 16:52 - 2010-12-23 07:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2013-07-04 16:52 - 2010-12-23 07:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2013-07-04 16:51 - 2012-11-20 07:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-07-04 16:51 - 2012-11-20 07:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-04 16:51 - 2012-08-11 02:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-07-04 16:51 - 2012-08-11 01:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-04 16:51 - 2012-06-02 07:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-07-04 16:51 - 2012-06-02 07:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-07-04 16:51 - 2012-06-02 07:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-07-04 16:51 - 2012-06-02 06:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-04 16:51 - 2012-06-02 06:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-04 16:51 - 2012-06-02 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-04 16:51 - 2012-01-03 08:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-07-04 16:51 - 2012-01-03 07:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-07-04 16:51 - 2011-11-17 09:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-07-04 16:51 - 2011-11-17 09:12 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-07-04 16:51 - 2011-11-17 07:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-04 16:51 - 2011-11-17 07:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-07-04 16:51 - 2011-08-17 07:32 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-07-04 16:51 - 2011-08-17 07:27 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2013-07-04 16:51 - 2011-08-17 07:27 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-07-04 16:51 - 2011-08-17 07:27 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2013-07-04 16:51 - 2011-08-17 07:27 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2013-07-04 16:51 - 2011-08-17 06:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-07-04 16:51 - 2011-08-17 06:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2013-07-04 16:51 - 2011-08-17 06:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-07-04 16:51 - 2011-08-17 06:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2013-07-04 16:51 - 2011-08-17 06:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2013-07-04 16:51 - 2011-07-09 04:44 - 00287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-07-04 16:51 - 2011-05-04 04:51 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-07-04 16:51 - 2011-05-04 04:51 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-07-04 16:51 - 2011-02-05 14:41 - 00640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-07-04 16:51 - 2011-02-05 14:41 - 00556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-07-04 16:51 - 2011-02-05 14:41 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2013-07-04 16:51 - 2011-02-05 14:41 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2013-07-04 16:51 - 2011-02-05 14:41 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2013-07-04 16:51 - 2011-02-05 14:39 - 00603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-07-04 16:51 - 2011-02-05 14:39 - 00518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-07-04 16:51 - 2010-11-02 07:18 - 00524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2013-07-04 16:51 - 2010-11-02 07:17 - 01169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2013-07-04 16:51 - 2010-11-02 07:17 - 00473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2013-07-04 16:51 - 2010-11-02 07:16 - 01114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-07-04 16:51 - 2010-11-02 07:10 - 00464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2013-07-04 16:51 - 2010-11-02 07:10 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2013-07-04 16:51 - 2010-11-02 06:40 - 00496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2013-07-04 16:51 - 2010-11-02 06:40 - 00305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2013-07-04 16:51 - 2010-11-02 06:34 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-07-04 16:51 - 2010-11-02 06:34 - 00179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2013-07-04 16:51 - 2010-10-16 07:17 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2013-07-04 16:51 - 2010-10-16 06:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2013-07-04 16:51 - 2010-06-29 07:39 - 02085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2013-07-04 16:51 - 2010-06-29 07:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-07-04 16:50 - 2013-07-04 16:51 - 33578320 ____A (Dropbox, Inc.) C:\Users\Rave\Downloads\Dropbox 2.2.8.exe
2013-07-04 16:50 - 2012-08-02 19:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-04 16:50 - 2012-08-02 19:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-04 16:50 - 2012-05-05 10:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-07-04 16:50 - 2012-05-05 09:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-04 16:50 - 2011-12-28 05:59 - 00499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-07-04 16:50 - 2011-10-15 08:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-07-04 16:50 - 2011-10-15 07:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-07-04 16:50 - 2011-03-03 08:17 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-07-04 16:50 - 2011-03-03 08:17 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-07-04 16:50 - 2011-03-03 08:14 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2013-07-04 16:50 - 2011-03-03 07:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-07-04 16:50 - 2011-03-03 07:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-07-04 16:50 - 2011-02-24 08:30 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-04 16:50 - 2011-02-24 07:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-04 16:50 - 2010-12-18 08:08 - 01097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-07-04 16:50 - 2010-12-18 07:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-04 16:49 - 2013-02-12 16:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-07-04 16:49 - 2012-11-22 12:32 - 00801280 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-07-04 16:49 - 2012-11-22 11:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-04 16:49 - 2012-11-02 07:27 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-07-04 16:49 - 2012-11-02 06:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-04 16:49 - 2012-08-24 20:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-07-04 16:49 - 2012-08-24 19:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-04 16:49 - 2012-05-14 07:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-07-04 16:49 - 2012-05-02 07:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-07-04 16:49 - 2012-04-28 05:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-07-04 16:49 - 2012-04-26 07:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2013-07-04 16:49 - 2012-04-26 07:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2013-07-04 16:49 - 2012-04-26 07:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2013-07-04 16:49 - 2011-08-27 07:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-07-04 16:49 - 2011-08-27 07:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-07-04 16:49 - 2011-08-27 06:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-07-04 16:49 - 2011-08-27 06:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-07-04 16:49 - 2011-06-16 07:31 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2013-07-04 16:49 - 2011-06-16 06:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-07-04 16:49 - 2011-05-24 13:21 - 00404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-07-04 16:49 - 2011-05-24 12:34 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-07-04 16:49 - 2011-05-24 12:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-07-04 16:49 - 2011-05-24 12:34 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-07-04 16:49 - 2011-05-24 12:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-07-04 16:49 - 2011-05-03 07:21 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-07-04 16:49 - 2011-05-03 06:50 - 00740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2013-07-04 16:49 - 2011-02-23 07:15 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-07-04 16:49 - 2010-10-16 07:23 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-07-04 16:49 - 2010-08-27 08:14 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2013-07-04 16:49 - 2010-08-27 07:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2013-07-04 16:49 - 2010-08-26 07:27 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2013-07-04 16:49 - 2010-08-26 06:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2013-07-04 16:49 - 2010-08-21 08:38 - 01024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-07-04 16:49 - 2010-08-21 08:31 - 00633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-07-04 16:49 - 2010-08-21 07:36 - 00738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2013-07-04 16:49 - 2010-08-21 07:33 - 00530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-07-04 16:49 - 2010-05-19 21:48 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-07-04 16:49 - 2010-03-05 09:52 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2013-07-04 16:49 - 2010-03-05 09:42 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2013-07-04 16:48 - 2013-01-24 07:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-07-04 16:48 - 2012-09-26 00:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-07-04 16:48 - 2012-09-25 23:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-04 16:48 - 2012-09-06 19:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-07-04 16:48 - 2012-07-05 00:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-07-04 16:48 - 2012-07-05 00:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-07-04 16:48 - 2012-07-05 00:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-07-04 16:48 - 2012-07-04 23:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-04 16:48 - 2012-07-04 23:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-04 16:48 - 2012-03-17 09:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-07-04 16:48 - 2011-12-16 10:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-07-04 16:48 - 2011-12-16 09:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-07-04 16:48 - 2011-04-27 04:57 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2013-07-04 16:48 - 2011-04-22 22:18 - 00027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2013-07-04 16:48 - 2011-02-18 08:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2013-07-04 16:48 - 2011-02-18 07:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-07-04 16:48 - 2011-02-12 08:14 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2013-07-04 16:48 - 2010-07-29 08:30 - 00082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2013-07-04 16:48 - 2010-06-19 08:53 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2013-07-04 16:48 - 2010-06-19 08:23 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2013-07-04 16:48 - 2010-05-05 09:37 - 00483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2013-07-04 16:48 - 2010-05-05 08:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Local\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 16:31 - 2013-07-04 16:32 - 00000000 ____D C:\Users\Rave\Documents\Youcam
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\AppData\Local\Microsoft Help
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Public\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 16:29 - 2013-07-04 16:29 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Macromedia
2013-07-04 16:29 - 2011-11-19 17:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-07-04 16:29 - 2011-11-19 16:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-07-04 16:25 - 2013-07-04 21:20 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Adobe
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Google
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Local\Google
2013-07-04 16:21 - 2013-07-04 16:21 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 16:16 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\Power2Go
2013-07-04 16:15 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\VirtualStore
2013-07-04 16:14 - 2013-07-04 16:14 - 00000882 ____A C:\Users\Public\Desktop\MultimediaPOP.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\UpdatusUser\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default User\Desktop\CyberLink YouCam.lnk
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files\Windows Live
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-04 16:12 - 2009-08-05 23:24 - 00061280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2013-07-04 16:11 - 2013-07-04 16:11 - 00031343 ____A C:\Windows\DirectX.log
2013-07-04 16:11 - 2012-02-15 08:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-07-04 16:11 - 2012-02-15 07:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-07-04 16:11 - 2012-02-15 06:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-07-04 16:11 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-07-04 16:11 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-07-04 16:10 - 2013-07-04 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 16:09 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-07-04 16:07 - 2013-07-04 20:19 - 00063104 ____A C:\Users\Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 16:07 - 2013-07-04 16:12 - 00138093 ____A C:\Windows\2013-07-04_16-07_378-97hcv2tg.log
2013-07-04 16:07 - 2013-07-04 16:07 - 00000033 ____A C:\Windows\0
2013-07-04 16:07 - 2013-07-04 16:07 - 00000000 ____D C:\ProgramData\OberonGameConsole
2013-07-04 16:04 - 2012-06-03 00:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-07-04 16:04 - 2012-06-03 00:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-07-04 16:04 - 2012-06-03 00:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-07-04 16:04 - 2012-06-03 00:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-07-04 16:04 - 2012-06-03 00:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-07-04 16:04 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-07-04 16:04 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-07-04 16:01 - 2013-07-04 21:21 - 00000000 ____D C:\Users\Rave\AppData\Local\Adobe
2013-07-04 16:01 - 2013-07-04 16:07 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-07-04 16:01 - 2013-07-04 16:01 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 16:00 - 2013-07-04 16:56 - 00000000 ____D C:\users\Rave
2013-07-04 16:00 - 2013-07-04 16:00 - 00000020 ___SH C:\Users\Rave\ntuser.ini
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Vorlagen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Startmenü
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Netzwerkumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Lokale Einstellungen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Eigene Dateien
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Druckumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Musik
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Bilder
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Verlauf
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 ____A C:\Windows\System32\Drivers\144D_SAMSUNG_N_Q330_03UU.mrk
2013-07-04 15:58 - 2013-07-04 15:58 - 00000000 ____D C:\Recovery

==================== One Month Modified Files and Folders =======

2013-07-05 18:45 - 2013-07-04 17:26 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Spotify
2013-07-05 18:45 - 2013-07-04 16:53 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Dropbox
2013-07-05 18:44 - 2013-07-04 16:56 - 00000000 ___RD C:\Users\Rave\Dropbox
2013-07-05 18:43 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-05 18:43 - 2009-07-14 06:51 - 00038215 ____A C:\Windows\setupact.log
2013-07-05 10:08 - 2010-06-28 04:57 - 01531019 ____A C:\Windows\WindowsUpdate.log
2013-07-05 09:21 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 09:21 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 01:53 - 2010-06-28 05:14 - 00000000 ____D C:\ProgramData\WinClon
2013-07-04 23:33 - 2013-07-04 23:33 - 00000894 ____A C:\Users\Rave\Desktop\AdwCleaner[S2].txt
2013-07-04 23:32 - 2010-07-06 21:25 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-07-04 23:32 - 2010-07-06 21:25 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-07-04 23:32 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 23:25 - 2010-06-28 05:56 - 00663288 ____A C:\Windows\PFRO.log
2013-07-04 23:24 - 2013-07-04 23:24 - 00000894 ____A C:\AdwCleaner[S2].txt
2013-07-04 21:21 - 2013-07-04 16:01 - 00000000 ____D C:\Users\Rave\AppData\Local\Adobe
2013-07-04 21:20 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Adobe
2013-07-04 21:14 - 2013-07-04 21:14 - 00000624 ____A C:\Users\Rave\Desktop\JRT.txt
2013-07-04 21:10 - 2013-07-04 21:10 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 21:10 - 2013-07-04 21:10 - 00000000 ____D C:\JRT
2013-07-04 21:09 - 2013-07-04 21:09 - 00001116 ____A C:\Users\Rave\Desktop\AdwCleaner[S1].txt
2013-07-04 21:08 - 2013-07-04 21:07 - 00001116 ____A C:\AdwCleaner[S1].txt
2013-07-04 21:05 - 2013-07-04 21:05 - 02347384 ____A (ESET) C:\Users\Rave\Downloads\esetsmartinstaller_enu.exe
2013-07-04 21:05 - 2013-07-04 21:05 - 00650027 ____A C:\Users\Rave\Downloads\adwcleaner.exe
2013-07-04 21:05 - 2013-07-04 21:05 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Rave\Downloads\JRT.exe
2013-07-04 20:49 - 2013-07-04 20:49 - 00019255 ____A C:\ComboFix.txt
2013-07-04 20:49 - 2013-07-04 17:32 - 00000000 ____D C:\Qoobox
2013-07-04 20:48 - 2013-07-04 17:31 - 00000000 ____D C:\Windows\erdnt
2013-07-04 20:47 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-04 20:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:37 - 2010-06-28 05:16 - 00000000 ____D C:\ProgramData\McAfee
2013-07-04 20:20 - 2013-07-04 20:20 - 00000000 ____D C:\Users\Rave\AppData\Local\Macromedia
2013-07-04 20:19 - 2013-07-04 20:19 - 00000090 ____A C:\Users\Rave\Documents\Powers.log
2013-07-04 20:19 - 2013-07-04 16:07 - 00063104 ____A C:\Users\Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 20:13 - 2009-07-14 06:45 - 00277680 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-04 20:12 - 2013-07-04 20:12 - 00000027 ____A C:\Windows\SysWOW64\MPFServiceFailureCount.txt
2013-07-04 20:10 - 2010-07-06 21:18 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-04 20:10 - 2010-07-06 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-07-04 20:10 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\System32\winrm
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-04 20:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\oobe
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-07-04 20:10 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-04 20:09 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\System32\WCN
2013-07-04 20:09 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-07-04 20:09 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-07-04 20:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-04 20:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-07-04 20:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\Setup
2013-07-04 20:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\MUI
2013-07-04 20:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-04 20:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\com
2013-07-04 20:04 - 2010-06-28 05:31 - 00000000 ____D C:\Program Files\Google
2013-07-04 17:29 - 2013-07-04 17:29 - 05085494 ____R (Swearware) C:\Users\Rave\Desktop\ComboFix.exe
2013-07-04 17:28 - 2013-07-04 17:27 - 00000000 ____D C:\Users\Rave\AppData\Local\Spotify
2013-07-04 17:27 - 2013-07-04 17:27 - 00001799 ____A C:\Users\Rave\Desktop\Spotify.lnk
2013-07-04 17:26 - 2013-07-04 17:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-04 17:26 - 2013-07-04 17:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-04 17:26 - 2013-07-04 17:26 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-04 17:20 - 2013-07-04 17:20 - 00092776 ____A (Spotify Ltd) C:\Users\Rave\Downloads\SpotifySetup.exe
2013-07-04 17:08 - 2013-07-04 17:08 - 00008047 ____A C:\Users\Rave\Downloads\Addition.txt
2013-07-04 17:05 - 2013-07-04 17:05 - 00000000 ____D C:\FRST
2013-07-04 17:04 - 2013-07-04 17:04 - 01934636 ____A (Farbar) C:\Users\Rave\Downloads\FRST64.exe
2013-07-04 16:56 - 2013-07-04 16:56 - 00001037 ____A C:\Users\Rave\Desktop\Dropbox.lnk
2013-07-04 16:56 - 2013-07-04 16:00 - 00000000 ____D C:\users\Rave
2013-07-04 16:55 - 2013-07-04 16:55 - 00000000 __RSD C:\Users\Rave\Documents\My Stationery
2013-07-04 16:51 - 2013-07-04 16:50 - 33578320 ____A (Dropbox, Inc.) C:\Users\Rave\Downloads\Dropbox 2.2.8.exe
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Users\Rave\AppData\Local\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 16:34 - 2013-07-04 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 16:32 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\Documents\Youcam
2013-07-04 16:32 - 2010-06-28 05:05 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Rave\AppData\Local\Microsoft Help
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\Users\Public\CyberLink
2013-07-04 16:31 - 2013-07-04 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 16:29 - 2013-07-04 16:29 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Macromedia
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Roaming\Google
2013-07-04 16:25 - 2013-07-04 16:25 - 00000000 ____D C:\Users\Rave\AppData\Local\Google
2013-07-04 16:21 - 2013-07-04 16:21 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 16:16 - 2013-07-04 16:16 - 00000000 ____D C:\Users\Rave\AppData\Local\Power2Go
2013-07-04 16:16 - 2013-07-04 16:15 - 00000000 ____D C:\Users\Rave\AppData\Local\VirtualStore
2013-07-04 16:14 - 2013-07-04 16:14 - 00000882 ____A C:\Users\Public\Desktop\MultimediaPOP.lnk
2013-07-04 16:14 - 2010-07-06 21:10 - 00000000 ____D C:\Windows\MSetup
2013-07-04 16:14 - 2010-06-28 05:03 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-04 16:14 - 2010-06-28 04:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 16:14 - 2010-06-28 04:53 - 00000162 ____A C:\setup.log
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\UpdatusUser\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2013-07-04 16:13 - 00001139 ____A C:\Users\Default User\Desktop\CyberLink YouCam.lnk
2013-07-04 16:13 - 2010-06-28 05:05 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-07-04 16:13 - 2010-06-28 04:56 - 00000157 ____A C:\Windows\setup.log
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files\Windows Live
2013-07-04 16:12 - 2013-07-04 16:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-04 16:12 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-04 16:12 - 2013-07-04 16:07 - 00138093 ____A C:\Windows\2013-07-04_16-07_378-97hcv2tg.log
2013-07-04 16:11 - 2013-07-04 16:11 - 00031343 ____A C:\Windows\DirectX.log
2013-07-04 16:10 - 2013-07-04 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-04 16:09 - 2013-07-04 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-07-04 16:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-04 16:07 - 2013-07-04 16:07 - 00000033 ____A C:\Windows\0
2013-07-04 16:07 - 2013-07-04 16:07 - 00000000 ____D C:\ProgramData\OberonGameConsole
2013-07-04 16:07 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-07-04 16:02 - 2010-06-28 06:00 - 00014897 ____A C:\Windows\SetDisplayResolution.log
2013-07-04 16:01 - 2013-07-04 16:01 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\ProgramData\Adobe
2013-07-04 16:01 - 2013-07-04 16:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-04 16:00 - 2013-07-04 16:00 - 00000020 ___SH C:\Users\Rave\ntuser.ini
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Vorlagen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Startmenü
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Netzwerkumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Lokale Einstellungen
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Eigene Dateien
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Druckumgebung
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Musik
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Documents\Eigene Bilder
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Verlauf
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\AppData\Local\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 __SHD C:\Users\Rave\Anwendungsdaten
2013-07-04 16:00 - 2013-07-04 16:00 - 00000000 ____A C:\Windows\System32\Drivers\144D_SAMSUNG_N_Q330_03UU.mrk
2013-07-04 16:00 - 2010-06-28 05:59 - 00001336 ____A C:\Windows\LCDStretchMode.log
2013-07-04 15:58 - 2013-07-04 15:58 - 00000000 ____D C:\Recovery
2013-07-04 15:58 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 17:44

==================== End Of Log ============================
         
--- --- ---

05.07.2013, 17:57   #8
schrauber
/// the machine
/// TB trainer
 

My question?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

05.07.2013, 18:45   #9
stammuser
 
Oh, sorry.

So the system is running smoothly again!

..is it healthy again?^^

06.07.2013, 08:39   #10
schrauber
/// the machine
/// TB trainer
 

It is.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

06.07.2013, 09:57   #11
stammuser
 
So, I have now successfully carried out the last steps as well.

Thank you very much again for your effort

One last question remains: which antivirus program (freeware) can you recommend?
..mcafee?

You can delete the thread from your subscriptions now

06.07.2013, 10:31   #12
schrauber
/// the machine
/// TB trainer
 

avast. And you're welcome