Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Log-Analyse und Auswertung: Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 3 1 23
Alt 31.08.2013, 00:24   #1
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Hallo Leute,

Wie ihr schon aus der Überschrift herauslesen konntet habe ich ein Problem mit einem Trojaner. Mein Antivirusprogramm "Microsoft Security Essentials" hat diesen erkannt und ich habe ihn entfernen und danach den PC neustarten lassen. Jedoch ist er nach jedem Löschvorgang und PC neustart wieder da.

Ich habe danach noch einmal versucht diesen Trojaner mit einem anderen Antivirusprogramm zu löschen (Malwarebytes). Dies habe ich danach auch im Abgesicherten Modus versucht, jedoch ohne Erfolg.

Nun stellt sich die Frage an euch ob ihr mir helfen könnt den Trojaner zu beseitgen.
Ich habe die Anleitung "Für alle Hilfesuchenden! Was muss ich vor der eröffnung eines Themas beachten?" durchgelesen und alle Aufgaben befolgt und werde alle Logfiles hochladen. Ich weiß ich sollte die Dateien nicht in einen "Zip-Ordner" packen wenn ich die Dateien auch einzeln hochladen könnte aber ich bin da ziemlich durcheinander gekommen. Und es wäre nett wenn ihr mir sagen könntet wann ich bei dem Programm "Defogger" meine CD Emulator Driver Re-enablen darf. Ich entschuldige mich für meine Ausdrucksweise, ich weiß nicht wie ich es genauer erklären soll.

Ich hoffe ihr könnt mir helfen

MfG Jan
Geändert von Janimani (31.08.2013 um 00:30 Uhr)

Alt 31.08.2013, 08:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


hi,

LOgs bitte aufteilen und in den Thread posten.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 31.08.2013, 12:20   #3
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Defogger




Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:25 on 31/08/2013 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-


FRST





FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2013 01
Ran by Jan (administrator) on JAN-PC on 31-08-2013 00:29:04
Running from C:\Users\Jan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
() C:\ProgramData\adob\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 60
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-24] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [LocalSessionManager] - C:\Users\Jan\AppData\Roaming\lsm.exe [1692160 2013-08-22] ()
MountPoints2: J - J:\launcher.exe
MountPoints2: {97abb6e1-7284-11e1-9dd0-14dae971ccc3} - K:\launcher.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe gamma load] - C:\ProgramData\adob\color.exe [21504 2012-09-01] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Updater] - C:\ProgramData\temp\hide.vbs [129 2012-03-10] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskhost.exe ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=HP_iclro&mntrId=6cae971d00000000000014dae971ccc3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114161&tt=3412_4&babsrc=SP_iclro&mntrId=6cae971d00000000000014dae971ccc3
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114161&tt=3412_4&babsrc=SP_iclro&mntrId=6cae971d00000000000014dae971ccc3
SearchScopes: HKCU - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default
FF user.js: detected! => C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\user.js
FF NewTab: hxxp://www.google.de/search?q=
FF DefaultSearchEngine: Claro Search
FF SearchEngineOrder.1: Claro Search
FF SelectedSearchEngine: Claro Search
FF Homepage: www.facebook.de
FF Keyword.URL: hxxp://www.google.de/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldplay4free@ea.com
FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://battlelog.battlefield.com/bf3/de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Battlefield Heroes) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0
CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Jan\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-12] ()
S3 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2012-03-30] (BOONTY)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-27] ()
S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-21] (Tunngle.net GmbH)
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-18] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-31 00:25 - 2013-08-31 00:25 - 00000538 _____ C:\Users\Jan\Desktop\defogger_disable.log
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-31 00:19 - 2013-08-31 00:19 - 01587214 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2013-08-31 00:19 - 2013-08-31 00:19 - 00377856 _____ C:\Users\Jan\Downloads\gmer_2.1.19163.exe
2013-08-31 00:18 - 2013-08-31 00:18 - 00050477 _____ C:\Users\Jan\Downloads\Defogger.exe
2013-08-31 00:10 - 2013-08-31 00:10 - 00012983 _____ C:\Users\Jan\Downloads\hijackthis.log
2013-08-31 00:10 - 2013-08-31 00:10 - 00012983 _____ C:\Users\Jan\Desktop\hijackthis.log
2013-08-31 00:09 - 2013-08-31 00:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jan\Downloads\HijackThis.exe
2013-08-30 22:50 - 2013-08-30 22:50 - 00002064 _____ C:\Windows\PFRO.log
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 17:00 - 2013-08-30 17:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:12 - 2013-08-30 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:53 - 2013-08-30 14:14 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-30 13:53 - 2013-08-30 13:53 - 00000000 ____D C:\Users\Jan\AppData\Roaming\ParetoLogic
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-26 14:31 - 2013-08-26 14:31 - 00000000 ____D C:\NvidiaLogging
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:24 - 2013-04-11 11:34 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:09 - 2013-08-26 14:11 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 12:33 - 2013-08-26 12:33 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Jan\Downloads\SkypeSetup.exe
2013-08-26 00:46 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-26 00:46 - 2013-08-26 00:46 - 03820480 _____ C:\Users\Jan\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-08-25 21:59 - 2013-08-22 15:24 - 01692160 _____ C:\Users\Jan\AppData\Roaming\lsm.exe
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-22 13:23 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-22 13:23 - 2013-08-30 16:13 - 00000000 _____ C:\dfu.log
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:02 - 2013-08-18 20:04 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-17 14:06 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 19:30 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 19:30 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 19:30 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 19:30 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 19:30 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 19:30 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 19:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 19:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 17:32 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 17:32 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 17:32 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 17:32 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 17:32 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 17:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 17:32 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 17:32 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 17:32 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-07 15:35 - 2013-08-07 15:39 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager

==================== One Month Modified Files and Folders =======

2013-08-31 00:35 - 2012-02-05 10:40 - 00000000 ____D C:\Users\Gast
2013-08-31 00:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-31 00:28 - 2013-08-31 00:28 - 00000000 ____D C:\FRST
2013-08-31 00:25 - 2013-08-31 00:25 - 00000538 _____ C:\Users\Jan\Desktop\defogger_disable.log
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-31 00:25 - 2011-12-24 20:30 - 00000000 ____D C:\Users\Jan
2013-08-31 00:20 - 2011-12-24 21:19 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Skype
2013-08-31 00:19 - 2013-08-31 00:19 - 01587214 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2013-08-31 00:19 - 2013-08-31 00:19 - 00377856 _____ C:\Users\Jan\Downloads\gmer_2.1.19163.exe
2013-08-31 00:18 - 2013-08-31 00:18 - 00050477 _____ C:\Users\Jan\Downloads\Defogger.exe
2013-08-31 00:10 - 2013-08-31 00:10 - 00012983 _____ C:\Users\Jan\Downloads\hijackthis.log
2013-08-31 00:10 - 2013-08-31 00:10 - 00012983 _____ C:\Users\Jan\Desktop\hijackthis.log
2013-08-31 00:09 - 2013-08-31 00:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jan\Downloads\HijackThis.exe
2013-08-31 00:09 - 2011-12-24 20:32 - 00000000 ____D C:\Users\Jan\AppData\Local\VirtualStore
2013-08-31 00:04 - 2012-03-30 13:46 - 00000000 ___RD C:\Users\Jan\Desktop\Passwörter
2013-08-31 00:01 - 2012-04-11 11:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 23:44 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 23:44 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 23:42 - 2012-08-07 01:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-30 23:42 - 2011-05-07 01:46 - 01435235 _____ C:\Windows\WindowsUpdate.log
2013-08-30 23:41 - 2012-10-12 17:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 23:38 - 2011-12-24 20:32 - 00000000 ___RD C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-30 23:37 - 2012-09-12 17:22 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn Hamachi
2013-08-30 23:36 - 2013-07-29 17:35 - 00008003 _____ C:\Windows\setupact.log
2013-08-30 23:36 - 2012-10-12 17:12 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 23:36 - 2011-05-16 01:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-30 23:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 22:55 - 2012-10-04 21:17 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED6B66A4-F80D-4D66-9A3E-58886B6F0745}
2013-08-30 22:50 - 2013-08-30 22:50 - 00002064 _____ C:\Windows\PFRO.log
2013-08-30 17:04 - 2013-04-09 15:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-30 17:04 - 2011-05-07 01:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-08-30 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 17:01 - 2013-08-30 17:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-30 16:41 - 2013-08-26 00:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-30 16:41 - 2013-08-22 13:23 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-30 16:41 - 2013-08-17 14:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-30 16:41 - 2013-05-29 18:05 - 00000000 ____D C:\Users\Jan\AppData\Local\Akamai
2013-08-30 16:41 - 2013-03-29 17:44 - 00000000 ____D C:\BrickForce
2013-08-30 16:41 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\Documents\ArmA 2
2013-08-30 16:41 - 2012-07-16 13:03 - 00000000 ____D C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2013-08-30 16:41 - 2012-07-09 13:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\uTorrent
2013-08-30 16:41 - 2012-05-19 13:12 - 00000000 ____D C:\IL-2 Sturmovik 1946
2013-08-30 16:41 - 2012-04-01 20:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ____D C:\ProgramData\Skype
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-30 16:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-08-30 16:39 - 2012-03-18 19:45 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2013-08-30 16:32 - 2012-02-10 21:28 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2013-08-30 16:13 - 2013-08-22 13:23 - 00000000 _____ C:\dfu.log
2013-08-30 14:14 - 2013-08-30 13:53 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:53 - 2013-08-30 13:53 - 00000000 ____D C:\Users\Jan\AppData\Roaming\ParetoLogic
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-30 09:08 - 2013-07-11 21:52 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-08-26 14:31 - 2013-08-26 14:31 - 00000000 ____D C:\NvidiaLogging
2013-08-26 14:30 - 2013-06-07 13:17 - 00000000 ____D C:\Users\Jan\AppData\Local\NVIDIA
2013-08-26 14:29 - 2011-05-16 01:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:11 - 2013-08-26 14:09 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 13:55 - 2011-05-07 02:43 - 00000000 ____D C:\Windows\Panther
2013-08-26 12:33 - 2013-08-26 12:33 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Jan\Downloads\SkypeSetup.exe
2013-08-26 01:30 - 2013-07-28 10:18 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Auslogics
2013-08-26 01:29 - 2012-12-09 00:38 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-08-26 00:47 - 2012-01-08 13:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-26 00:47 - 2012-01-08 13:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-26 00:46 - 2013-08-26 00:46 - 03820480 _____ C:\Users\Jan\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-08-26 00:38 - 2012-01-08 13:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-25 18:35 - 2013-01-01 22:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TS3Client
2013-08-25 18:03 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-23 16:18 - 2013-02-25 12:12 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2013-08-22 15:24 - 2013-08-25 21:59 - 01692160 _____ C:\Users\Jan\AppData\Roaming\lsm.exe
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Origin
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Local\Origin
2013-08-21 13:01 - 2012-04-11 11:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 13:01 - 2012-04-11 11:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 13:01 - 2011-12-24 20:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-19 11:04 - 2012-09-07 22:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 11:04 - 2011-12-24 21:12 - 00000000 ____D C:\Users\Jan\AppData\Local\Google
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:04 - 2013-08-18 20:02 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-18 17:26 - 2013-01-01 22:30 - 00000000 ____D C:\Users\Jan\AppData\Local\TeamSpeak 3 Client
2013-08-17 22:39 - 2013-02-08 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-14 19:28 - 2013-07-13 01:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:26 - 2011-12-29 16:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-12 13:14 - 2012-03-06 19:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-12 13:14 - 2012-02-23 14:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-09 18:00 - 2010-11-21 08:50 - 00699884 _____ C:\Windows\system32\perfh007.dat
2013-08-09 18:00 - 2010-11-21 08:50 - 00149766 _____ C:\Windows\system32\perfc007.dat
2013-08-09 18:00 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 00:40 - 2013-02-18 19:04 - 00000000 ____D C:\Program Files (x86)\War Thunder
2013-08-08 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 16:21 - 2012-02-22 19:52 - 00000000 ____D C:\Users\Jan\Documents\my games
2013-08-07 16:20 - 2013-01-21 16:04 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-08-07 15:39 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager
2013-08-07 14:40 - 2013-05-04 19:29 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2013-08-04 11:05 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jan\AppData\Local\Temp\Uninstall.exe
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\libblkmaker-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\libblkmaker_jansson-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\libcurl-4.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\libjansson-4.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\libusb-1.0.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\pdcurses.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\pthreadGC2.dll
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\zlib1.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\libblkmaker-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\libblkmaker_jansson-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\libcurl-4.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\libjansson-4.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\libusb-1.0.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\pdcurses.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\pthreadGC2.dll
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\zlib1.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\CCC.exe
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\libblkmaker-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\libblkmaker_jansson-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\libcurl-4.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\libjansson-4.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\libusb-1.0.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\pdcurses.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\pthreadGC2.dll
C:\Users\Jan\AppData\Local\Temp\54C3.tmp\zlib1.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\CCC.exe
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\libblkmaker-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\libblkmaker_jansson-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\libcurl-4.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\libjansson-4.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\libusb-1.0.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\pdcurses.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\pthreadGC2.dll
C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\zlib1.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\libblkmaker-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\libblkmaker_jansson-0.1-0.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\libcurl-4.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\libjansson-4.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\libusb-1.0.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\pdcurses.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\pthreadGC2.dll
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\zlib1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:19

==================== End Of Log ============================
--- --- ---






Addition




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2013 01
Ran by Jan at 2013-08-31 00:30:14
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.2.0)
18 Wheels of Steel: Voll aufs Gas (x32 Version: 1.07)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Aeria Ignite (x32 Version: 1.12.2732)
Age of Empires II HD (c) Microsoft Studios version 1 (x32 Version: 1)
Akamai NetSession Interface (HKCU)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
APB Reloaded (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
applicationupdater (HKCU)
Arctic Combat (x32)
Arma 2 Army of The Czech Republic (LITE) Uninstall (x32)
ARMA 2 Operation Arrowhead Uninstall (x32)
ArmA 2 Uninstall (x32)
ASUS nVidia Driver (x32 Version: 1.00.0000)
ATI Catalyst Install Manager (Version: 3.0.816.0)
Auslogics BoostSpeed (x32 Version: 5.5)
Auslogics Disk Defrag (x32 Version: 3.6)
Battlefield 2(TM) (x32)
Battlefield 2: Special Forces (x32)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlefield Heroes (HKCU)
Battlefield Play4Free (HKCU)
Battlelog Web Plugins (x32 Version: 2.1.7)
BattlEye for OA Uninstall (x32)
BF2SP64 (x32)
Blacklight: Retribution (x32)
Bluetooth Win7 Suite (64) (Version: 7.2.0.34)
Bonjour (Version: 3.0.0.10)
Brick-Force  (x32 Version: )
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Catalyst Control Center InstallProxy (x32 Version: 2011.0308.2325.42017)
Chivalry: Medieval Warfare (x32)
Chivalry: Medieval Warfare Beta (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Counter-Strike: Global Offensive (x32)
CPUID HWMonitor 1.21
DAEMON Tools Lite (x32 Version: 4.45.3.0297)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130)
DayZ Commander (x32 Version: 0.91.4)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eaner (Version: 4.04)
ESN Sonar (x32 Version: 0.70.4)
Fallen Earth (x32)
Fallout New Vegas (x32)
Far Cry 3 (x32 Version: 1.02)
FlatOut2 (x32 Version: 1.00.0000)
FoxTab PDF Creator (HKCU)
Free YouTube to MP3 Converter version 3.12.8.717 (x32 Version: 3.12.8.717)
G DATA Logox4 Speechengine (x32)
Galaxy On Fire 2 (c) BitComposer games version 1 (x32 Version: 1)
gamelauncher-ps2-psg (HKCU)
Google Chrome (x32 Version: 29.0.1547.57)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GrandFantasia-DE (x32)
GTA San Andreas (x32 Version: 1.00.00001)
IL-2 Sturmovik 1946 (x32 Version: 1.00.0000)
iLook 300 (x32 Version: 1.0.0.28)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2266)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Java(TM) SE Development Kit 6 Update 20 (x32 Version: 1.6.0.200)
Just Cause 2 (x32)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect 3 1.00 (x32 Version: 1.00)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Swedish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (Swedish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Nexon Game Manager (x32)
Notepad++ (x32 Version: 6.3.3)
NVIDIA 3D Vision Controller Driver (x32 Version: 267.67)
NVIDIA 3D Vision Controller-Treiber 320.18 (Version: 320.18)
NVIDIA 3D Vision Treiber 320.18 (Version: 320.18)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA ForceWare Network Access Manager (x32 Version: 1.00.7325.0)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 8.5.0.4554)
PlanetSide 2 (HKCU Version: 1.0.3.183)
Platform (x32 Version: 1.34)
Port Royale 3 (x32 Version: 1.0.0.0)
PunkBuster Services (x32 Version: 0.993)
RaiderZ (x32 Version: 1.0.0.36787)
Rapture3D 2.4.11 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
Red Orchestra 2: Heroes of Stalingrad (x32)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Risen 2 Dark Waters (x32)
S4 League_EU (x32 Version: 1.00.0000)
Samsung Kies (x32 Version: 2.5.1.12123_2)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Six Updater (x32 Version: 2.09.7038)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
Sonic & All-Stars Racing Transformed (x32)
Special Force 2  1.0 (x32)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.11.1)
TERA (x32 Version: 7)
The Elder Scrolls V - Skyrim Legendary AiO Special Mod Edition (x32 Version: 1.9.32)
TmNationsForever_Fix_2009_10_09 (x32)
Tomb Raider (x32)
TP-LINK-Clientinstallationsprogramm (x32 Version: 7.0)
True Crime® New York City (x32 Version: 1.00.0000)
Tunngle beta (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Uplay (x32 Version: 2.0)
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
War Thunder Launcher 1.0.1.149 (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
World of Tanks (x32)
Worms Clan Wars (x32)

==================== Restore Points  =========================

29-08-2013 14:13:37 Windows Update
29-08-2013 14:16:20 Windows Update
29-08-2013 18:18:51 Windows Update
30-08-2013 00:34:37 Windows Update
30-08-2013 07:24:33 Windows Update
30-08-2013 11:09:13 Installed SpyHunter
30-08-2013 12:11:06 Removed SpyHunter
30-08-2013 12:11:39 Removed SpyHunter
30-08-2013 12:13:10 Removed SpyHunter
30-08-2013 14:35:25 Wiederherstellungsvorgang
30-08-2013 14:47:24 Windows Update
30-08-2013 15:03:38 Windows Update
30-08-2013 21:05:52 Sicherheits-

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1017338F-FE6A-49F7-85DD-FFC39F8F62FF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {154C20D3-2E2C-4D91-A24C-FDDBA017E702} - System32\Tasks\User_Feed_Synchronization-{ED6B66A4-F80D-4D66-9A3E-58886B6F0745} => C:\Windows\system32\msfeedssync.exe [2013-04-20] (Microsoft Corporation)
Task: {15F8E291-E2F8-4126-9567-2BD6B5B1499B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {1BF0FE7D-D50F-478B-9952-F9BB705CE350} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {265A52A8-B7AD-4CF9-A1E5-FED0145417A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3932B815-8804-4E51-BFF5-E68FCE30781F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe No File
Task: {52260503-F71F-4AC0-9603-8A2E665FD496} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {55D58B47-3183-4FC1-A739-9361FCAB1683} - System32\Tasks\{ABAE2434-30E0-45A0-AAE8-F41FA48354DC} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2012-07-26] (BioWare)
Task: {5C062FD5-DADE-4F77-8C45-0A82518B72C7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {6943073C-21E8-4B00-B45F-640274DD67B3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {823203F6-2C8D-4BC7-8ADC-792CA061FF42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12] (Google Inc.)
Task: {8482A04C-50A5-47D8-A4A0-37B3B4E4B977} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {85188EC4-C33E-4B66-B85D-ECA4CED3D75E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {ABF92ABF-E5D2-43E8-B709-2FA0AC873E5A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B9843F1E-565E-4EEA-A831-015E92099110} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12] (Google Inc.)
Task: {C188E56C-28E8-4DE6-86CE-8AD169A20FB2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {C48E859D-4317-4968-9EB1-706A695A6F50} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {D387FF7E-B290-40BB-89AE-FFFE00C1E1C4} - System32\Tasks\{B20AB230-786B-48B8-8E2A-C6252F830A68} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-17] (Mozilla Corporation)
Task: {D5B40DBF-C09E-4A13-9D54-75DA3D89564F} - System32\Tasks\{26FF4339-E9D0-4DD6-B374-6A3DC25BD355} => J:\SETUP.EXE No File
Task: {E7BEC2E8-6C79-4701-8E07-3E487267BA6F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {EB2E3EAD-1B5C-4BBE-9782-3E4AA0EE080B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {EC34CC06-AEA2-4C20-A0C3-45E8BF3EC6B5} - System32\Tasks\{FCADB1F6-B849-4769-BB09-64D3A44D94C2} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe [2013-02-25] (BioWare, A Division of Electronic Arts)
Task: {ECBF6043-6F05-4416-8D8C-3324F724E90C} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {ECFEB052-1F10-4390-B087-8937DB4F4BBF} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-03 18:36 - 2013-05-12 23:42 - 15910736 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2012-08-16 05:51 - 2012-08-16 05:51 - 06670496 _____ (Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
2012-05-28 14:06 - 2012-05-28 14:06 - 00176456 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.DLL
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
2011-01-20 06:58 - 2011-01-20 06:58 - 08830368 _____ (Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\1053\GrooveIntlResource.dll
2009-07-14 02:17 - 2009-07-14 03:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\drprov.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\ntlanman.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2009-07-14 01:23 - 2009-07-14 03:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\DAVHLPR.dll
2010-09-27 12:39 - 2010-09-27 12:39 - 00060576 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-05-24 01:59 - 2010-12-16 10:50 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-05-07 02:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-27 12:40 - 2010-09-27 12:40 - 00425632 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll
2010-09-27 12:39 - 2010-09-27 12:39 - 00180896 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll
2010-09-27 12:40 - 2010-09-27 12:40 - 02232992 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll
2012-05-28 14:05 - 2012-05-28 14:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80DEU.DLL
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll
2009-07-14 01:46 - 2009-07-14 03:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2013-05-13 15:36 - 2013-05-13 15:36 - 00661448 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP110.dll
2013-05-13 15:36 - 2013-05-13 15:36 - 00828872 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR110.dll
2013-05-13 15:35 - 2013-05-13 15:35 - 01459920 _____ (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll
2013-05-13 15:35 - 2013-05-13 15:35 - 00617168 _____ (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\dpghnt\dpghnt.dll
2010-02-28 02:24 - 2010-02-28 02:24 - 00056192 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2013-08-14 19:30 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2009-07-14 02:00 - 2009-07-14 03:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\System32\LocationApi.dll
2009-07-14 02:00 - 2009-07-14 03:41 - 00174592 _____ (Microsoft Corporation) C:\Windows\System32\SensorsApi.dll
2009-07-14 01:28 - 2009-07-14 03:41 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\WDSCORE.dll
2013-02-27 16:12 - 2013-01-13 21:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-04-20 10:15 - 2013-04-20 10:15 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-04-20 10:15 - 2013-04-20 10:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\Dxtrans.dll
2009-07-14 01:41 - 2009-07-14 03:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\ddrawex.dll
2009-07-14 01:41 - 2009-07-14 03:40 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\DDRAW.dll
2009-07-14 01:38 - 2009-07-14 03:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\DCIMAN32.dll
2013-04-20 10:15 - 2013-04-20 10:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\Dxtmsft.dll
2009-07-14 01:58 - 2009-07-14 03:41 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2009-07-14 01:56 - 2009-07-14 03:41 - 00163328 _____ (Microsoft Corporation) C:\Program Files\Windows Sidebar\wlsrvc.dll
2012-02-13 10:05 - 2012-02-13 10:05 - 00367424 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2009-08-18 12:48 - 2009-08-18 12:48 - 00168304 _____ (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\Users\Jan\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2013 11:38:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 11:14:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 10:53:12 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/30/2013 10:52:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 05:14:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 05:04:07 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 - Update "Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/30/2013 05:04:05 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 -- Fel 25531.Det gick inte att öppna XML-filen C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man, systemfel: -2147024786

Error: (08/30/2013 04:49:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 - Update "Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/30/2013 04:48:58 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 -- Fel 25531.Det gick inte att öppna XML-filen C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man, systemfel: -2147024786

Error: (08/30/2013 04:44:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/31/2013 00:28:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:26:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:21:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:19:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:14:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:11:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:09:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:09:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:09:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/31/2013 00:09:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================
Error: (08/30/2013 11:38:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 11:14:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 10:53:12 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/30/2013 10:52:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 05:14:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 05:04:07 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Professional Plus 2010Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (08/30/2013 05:04:05 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 -- Fel 25531.Det gick inte att öppna XML-filen C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man, systemfel: -2147024786(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/30/2013 04:49:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Professional Plus 2010Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (08/30/2013 04:48:58 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Professional Plus 2010 -- Fel 25531.Det gick inte att öppna XML-filen C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man, systemfel: -2147024786(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/30/2013 04:44:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-02-23 19:54:13.018
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:12.986
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:09.386
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:09.356
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:06.013
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:05.979
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:03.722
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:03.690
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:01.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 19:54:01.392
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8174.99 MB
Available physical RAM: 6102.85 MB
Total Pagefile: 16348.16 MB
Available Pagefile: 14113.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:482.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D6B86815)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Gmer





Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-31 00:41:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10EALS-002BA0 rev.05.01D05 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jan\AppData\Local\Temp\ufldypob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000073e21a22 2 bytes [E2, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000073e21ad0 2 bytes [E2, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000073e21b08 2 bytes [E2, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000073e21bba 2 bytes [E2, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000073e21bda 2 bytes [E2, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         00000000770a1465 2 bytes [0A, 77]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000770a1465 2 bytes [0A, 77]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             00000000770a1465 2 bytes [0A, 77]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4144] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                             0000000077de000c 1 byte [C3]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4144] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                        0000000077e6f8ea 5 bytes JMP 0000000177e1d5c1
.text   C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000770a1465 2 bytes [0A, 77]
.text   C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000770a1465 2 bytes [0A, 77]
.text   C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000770a1465 2 bytes [0A, 77]
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000770a1465 2 bytes [0A, 77]
.text   C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\CCC.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         00000000770a1465 2 bytes [0A, 77]
.text   C:\Users\Jan\AppData\Local\Temp\3BC7.tmp\CCC.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000770a14bb 2 bytes [0A, 77]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:980]                                                                              000007fef3963e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:992]                                                                              000007fef3963e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:996]                                                                              000007fefbb2c680

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832c1d2e                                                                            

---- EOF - GMER 2.1 ----



mbam-log-2013-08-30 (14-13-45)




Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jan :: JAN-PC [Administrator]

30.08.2013 14:13:45
mbam-log-2013-08-30 (14-13-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 612557
Laufzeit: 1 Stunde(n), 37 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Users\Jan\AppData\Local\Temp\8535.tmp\CCC.exe (Trojan.BCMiner) -> 3928 -> Löschen bei Neustart.
C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Backdoor.Bot) -> 4492 -> Löschen bei Neustart.
C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Backdoor.Bot) -> 4596 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{920FFCEE-98FF-E47A-C0FF-602F4B9205D7} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\WindowsName (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Daten: "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysXboot (Backdoor.Bot) -> Daten: "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jan\AppData\Local\Temp\sysXboot8055164633198586741.jar" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0T1G1I1G1GtF1D1G -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 11111111 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 11111111 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\Jan\AppData\Local\Temp\8535.tmp\CCC.exe (Trojan.BCMiner) -> Löschen bei Neustart.
C:\ProgramData\InstallMate\{3755C118-C5D2-4BBC-A957-8DF0ECB6E3EE}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{3755C118-C5D2-4BBC-A957-8DF0ECB6E3EE}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TEMP\svchost.exe (PUP.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\Server.exe (Trojan.MSIL.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\4D35.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\CE75.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\E243.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\Desktop\versionchecker.exe (Trojan.Dropper.SFX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\28949936.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Backdoor.Bot) -> Löschen bei Neustart.

(Ende)



mbam-log-2013-08-30 (16-12-02)




Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jan :: JAN-PC [Administrator]

30.08.2013 16:12:02
mbam-log-2013-08-30 (16-12-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 100905
Laufzeit: 18 Minute(n), 10 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 1
C:\Users\Jan\AppData\Local\Temp\9AB8.tmp\CCC.exe (Trojan.BCMiner) -> 2964 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jan\AppData\Local\Temp\9AB8.tmp\CCC.exe (Trojan.BCMiner) -> Löschen bei Neustart.

(Ende)



mbam-log-2013-08-30 (18-27-12)



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16660
Jan :: JAN-PC [Administrator]

30.08.2013 18:27:12
mbam-log-2013-08-30 (18-27-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 585640
Laufzeit: 2 Stunde(n), 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{920FFCEE-98FF-E47A-C0FF-602F4B9205D7} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Daten: "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysXboot (Backdoor.Bot) -> Daten: "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Jan\AppData\Local\Temp\sysXboot8055164633198586741.jar" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0T1G1I1G1GtF1D1G -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 11111111 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 11111111 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\ProgramData\InstallMate\{3755C118-C5D2-4BBC-A957-8DF0ECB6E3EE}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{3755C118-C5D2-4BBC-A957-8DF0ECB6E3EE}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TEMP\svchost.exe (PUP.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\29BE.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\9B45.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\AppData\Local\Temp\CDE8.tmp\CCC.exe (Trojan.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\Desktop\versionchecker.exe (Trojan.Dropper.SFX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




So jetzt habe ich wie Sie/du mir gesagt hast die Logs einzeln in den Beitrag reinkopiert. Ich hoffe dies macht es euch einfacher.
__________________
Alt 31.08.2013, 14:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Auf jeden Fall. Und bleib beim Du, wie sind hier nit so
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.08.2013, 16:11   #5
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


OK ich habe alles gemacht was du geschrieben hast. Hier ist das Log.


Code:
ATTFilter
ComboFix 13-08-30.02 - Jan 31.08.2013  16:42:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6062 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\adob
c:\programdata\adob\1.bat
c:\programdata\adob\123.reg
c:\programdata\adob\color.exe
c:\programdata\adob\stop.bat
c:\programdata\adob\svchost.exe
c:\programdata\ntuser.dat
c:\users\Jan\AppData\Roaming\lsm.exe
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskhost.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\launcher_20121128.log
c:\windows\SysWow64\tmp1766.tmp
c:\windows\SysWow64\tmp1777.tmp
c:\windows\SysWow64\tmpE045.tmp
c:\windows\SysWow64\tmpE055.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-28 bis 2013-08-31  ))))))))))))))))))))))))))))))
.
.
2013-08-31 14:51 . 2013-08-31 14:51	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-08-31 11:33 . 2013-08-31 12:48	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-08-31 11:33 . 2013-08-31 11:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-08-31 11:29 . 2013-08-31 11:30	--------	d-----w-	C:\Ordner auf Festplatte kopieren
2013-08-31 11:23 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CF4DD71-D5EB-4B22-B349-02563A8090C3}\mpengine.dll
2013-08-30 22:28 . 2013-08-30 22:28	--------	d-----w-	C:\FRST
2013-08-30 15:02 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-30 14:53 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 12:13 . 2013-08-30 12:13	--------	d-----w-	c:\users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 12:12 . 2013-08-30 15:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-30 11:53 . 2013-08-30 11:53	--------	d-----w-	c:\users\Jan\AppData\Roaming\ParetoLogic
2013-08-30 11:53 . 2013-08-30 12:14	--------	d-----w-	c:\programdata\ParetoLogic
2013-08-30 11:09 . 2013-08-30 11:09	--------	d-----w-	c:\program files\Enigma Software Group
2013-08-26 12:31 . 2013-08-26 12:31	--------	d-----w-	C:\NvidiaLogging
2013-08-26 12:24 . 2013-08-30 22:35	--------	d-----w-	c:\users\UpdatusUser
2013-08-26 12:18 . 2013-08-26 12:18	--------	d-----w-	C:\NVIDIA
2013-08-25 22:46 . 2013-08-30 14:41	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2013-08-23 16:01 . 2013-08-23 16:01	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D25A0-10FF-4023-BF5F-8EA31D88D389}\gapaengine.dll
2013-08-22 11:23 . 2013-08-30 14:41	--------	d-----w-	c:\program files (x86)\SpecialForce2Beta
2013-08-18 18:08 . 2013-08-18 18:08	--------	d-----w-	c:\users\Jan\AppData\Local\EMU
2013-08-18 18:02 . 2013-08-18 18:04	--------	d-----w-	c:\program files (x86)\Worms Clan Wars
2013-08-14 17:29 . 2013-07-26 05:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-08-12 11:14 . 2013-08-12 11:14	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-12 11:14 . 2013-08-12 11:14	--------	d-----w-	c:\program files (x86)\Java
2013-08-07 13:35 . 2013-08-07 13:39	--------	d-----w-	c:\users\Jan\AppData\Local\Black_Tree_Gaming
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-31 12:48 . 2012-01-08 11:28	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-08-31 11:45 . 2012-01-08 11:29	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-08-21 11:01 . 2012-04-11 09:33	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 11:01 . 2011-12-24 18:58	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 17:26 . 2011-12-29 14:56	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-08-12 11:14 . 2012-03-06 17:43	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-08-12 11:14 . 2012-02-23 12:59	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-07-21 15:34 . 2013-03-12 08:50	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 15:32	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-22 19:41 . 2013-06-22 19:41	53248	----a-r-	c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2013-06-22 19:41 . 2013-06-22 19:41	53248	----a-r-	c:\users\Jan\AppData\Roaming\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2013-06-21 00:07 . 2013-07-28 08:21	708168	----a-w-	c:\windows\system32\WinUSBCoInstaller.dll
2013-06-21 00:07 . 2013-07-28 08:21	203672	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-06-21 00:07 . 2013-07-28 08:21	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2013-06-21 00:07 . 2013-07-28 08:21	103448	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-10 06:07	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 06:08	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 06:08	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-08-24 1811880]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"Akamai NetSession Interface"="c:\users\Jan\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
False [2013-8-31 6354495]
false.vbs [2013-6-7 118]
phoenix.cfg [2013-6-14 781]
user.exe [2012-4-7 5389566]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc\
cpu.py [2012-2-21 6847]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys;c:\windows\SYSNATIVE\DRIVERS\CamSuiteVAC.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-21 14:44	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 11:01]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 15:12]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=HP_iclro&mntrId=6cae971d00000000000014dae971ccc3
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Ski&cka till OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - www.facebook.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - ExtSQL: 2013-07-12 17:00; battlefieldplay4free@ea.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\extensions\battlefieldplay4free@ea.com
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.id - 6cae971d00000000000000fff4c93732
FF - user.js: extensions.BabylonToolbar_i.hardId - 6cae971d00000000000000fff4c93732
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3212_4
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 6cae971d00000000000000fff4c93732
FF - user.js: extensions.BabylonToolbar.instlDay - 15558
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.618:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.claro.id - 6cae971d00000000000014dae971ccc3
FF - user.js: extensions.claro.instlDay - 15575
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.121:04
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LocalSessionManager - c:\users\Jan\AppData\Roaming\lsm.exe
Wow6432Node-HKLM-Run-Adobe gamma load - c:\programdata\adob\color.exe
Wow6432Node-HKLM-Run-Adobe Updater - c:\programdata\temp\hide.vbs
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,
   89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:94,9e,1d,59,37,26,cd,01
.
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\SecuROM\License information*]
"datasecu"=hex:d9,6e,3d,0f,e5,e5,8f,b2,b8,d1,fd,51,95,fe,04,b7,0e,1a,80,52,cb,
   a2,c5,c4,47,b8,70,1f,4a,30,c9,52,3b,3a,59,95,84,7b,8f,0c,2f,d7,d6,16,7c,a6,\
"rkeysecu"=hex:e6,9b,5b,6e,6a,49,e6,51,76,49,c0,79,21,23,e0,4e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-31  17:05:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-31 15:05
.
Vor Suchlauf: 13 Verzeichnis(se), 521.518.862.336 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 520.618.049.536 Bytes frei
.
- - End Of File - - 87F54C638AC48F3E13DEDCCB99ACE3D5
A36C5E4F47E84449FF07ED3517B43A31


Alt 31.08.2013, 20:27   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da

Alt 31.08.2013, 23:32   #7
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Hier sind die Logs die du verlangt hast...



Quickscann Malwarebytes



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jan :: JAN-PC [Administrator]

31.08.2013 22:31:41
mbam-log-2013-08-31 (22-31-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276125
Laufzeit: 3 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Vollscan Malwarebytes



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jan :: JAN-PC [Administrator]

31.08.2013 22:35:58
mbam-log-2013-08-31 (22-35-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 590973
Laufzeit: 1 Stunde(n), 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




AdwCleaner[SO]





AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.001 - Report created 01/09/2013 at 00:06:58
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jan - JAN-PC
# Running from : C:\Users\Jan\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\Jan\AppData\Local\Wajam
Folder Deleted : C:\Users\Jan\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Jan\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Jan\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Jan\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Gast\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\jetpack
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\YourFileDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Line Deleted : user_pref("extensions.5037e2406dd0e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "6cae971d00000000000000fff4c93732");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15558");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3212_4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "6cae971d00000000000000fff4c93732");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "6cae971d00000000000000fff4c93732");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15533");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=NT_iclro&mntrId=6cae971d00000000000014dae971ccc3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:32:41");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "6cae971d00000000000014dae971ccc3");
Line Deleted : user_pref("extensions.claro.instlDay", "15575");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "iclaro");
Line Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
Line Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:04:02");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "1401");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Line Deleted : user_pref("extensions.wajam.trace_log", "1340640410450 - processInstallationUpgrade - version set to : 1.25\n1340640410450 - processBrowserLoad - Bad mappingListJsonString: null\n1340640410910 - onFla[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "83555E1AC91DAB1B5C20BEB303F7D8EE");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.25");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12448 octets] - [01/09/2013 00:05:45]
AdwCleaner[S0].txt - [12263 octets] - [01/09/2013 00:06:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12324 octets] ##########
--- --- ---






AdwCleaner[RO]




AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.001 - Report created 01/09/2013 at 00:05:45
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jan - JAN-PC
# Running from : C:\Users\Jan\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\user.js
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\InstallMate
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Gast\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Jan\AppData\Local\Wajam
Folder Found C:\Users\Jan\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Jan\AppData\Roaming\DriverCure
Folder Found C:\Users\Jan\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\jetpack
Folder Found C:\Users\Jan\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\OCS
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\OCS
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=HP_iclro&mntrId=6cae971d00000000000014dae971ccc3

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Claro Search");
Line Found : user_pref("browser.search.order.1", "Claro Search");
Line Found : user_pref("browser.search.selectedEngine", "Claro Search");
Line Found : user_pref("extensions.5037e2406dd0e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.id", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15558");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3212_4");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15533");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=NT_iclro&mntrId=6cae971d00000000000014dae971ccc3");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:32:41");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "6cae971d00000000000014dae971ccc3");
Line Found : user_pref("extensions.claro.instlDay", "15575");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "iclaro");
Line Found : user_pref("extensions.claro.vrsn", "1.6.4.1");
Line Found : user_pref("extensions.claro.vrsni", "1.6.4.1");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:04:02");
Line Found : user_pref("extensions.wajam.affiliate_id", "1401");
Line Found : user_pref("extensions.wajam.firstrun", "false");
Line Found : user_pref("extensions.wajam.log_send_info", "false");
Line Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Found : user_pref("extensions.wajam.no_trace", "false");
Line Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Line Found : user_pref("extensions.wajam.trace_log", "1340640410450 - processInstallationUpgrade - version set to : 1.25\n1340640410450 - processBrowserLoad - Bad mappingListJsonString: null\n1340640410910 - onFla[...]
Line Found : user_pref("extensions.wajam.unique_id", "83555E1AC91DAB1B5C20BEB303F7D8EE");
Line Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Found : user_pref("extensions.wajam.version", "1.25");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12274 octets] - [01/09/2013 00:05:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12335 octets] ##########
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.001 - Report created 01/09/2013 at 00:05:45
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jan - JAN-PC
# Running from : C:\Users\Jan\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\user.js
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\InstallMate
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Gast\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Jan\AppData\Local\Wajam
Folder Found C:\Users\Jan\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Jan\AppData\Roaming\DriverCure
Folder Found C:\Users\Jan\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\jetpack
Folder Found C:\Users\Jan\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\OCS
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\OCS
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ship-simulator_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_age-of-empires(1)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bus-cable-car-simulator_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-se-development-kit-jdk_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_simple-port-forwarding_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=HP_iclro&mntrId=6cae971d00000000000014dae971ccc3

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Claro Search");
Line Found : user_pref("browser.search.order.1", "Claro Search");
Line Found : user_pref("browser.search.selectedEngine", "Claro Search");
Line Found : user_pref("extensions.5037e2406dd0e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.id", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15558");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3212_4");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "6cae971d00000000000000fff4c93732");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15533");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.claro-search.com/?affID=114161&tt=3412_4&babsrc=NT_iclro&mntrId=6cae971d00000000000014dae971ccc3");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:32:41");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "6cae971d00000000000014dae971ccc3");
Line Found : user_pref("extensions.claro.instlDay", "15575");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "iclaro");
Line Found : user_pref("extensions.claro.vrsn", "1.6.4.1");
Line Found : user_pref("extensions.claro.vrsni", "1.6.4.1");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:04:02");
Line Found : user_pref("extensions.wajam.affiliate_id", "1401");
Line Found : user_pref("extensions.wajam.firstrun", "false");
Line Found : user_pref("extensions.wajam.log_send_info", "false");
Line Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Found : user_pref("extensions.wajam.no_trace", "false");
Line Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Line Found : user_pref("extensions.wajam.trace_log", "1340640410450 - processInstallationUpgrade - version set to : 1.25\n1340640410450 - processBrowserLoad - Bad mappingListJsonString: null\n1340640410910 - onFla[...]
Line Found : user_pref("extensions.wajam.unique_id", "83555E1AC91DAB1B5C20BEB303F7D8EE");
Line Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Found : user_pref("extensions.wajam.version", "1.25");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12274 octets] - [01/09/2013 00:05:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12335 octets] ##########
--- --- ---






Jrt





Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jan on 01.09.2013 at  0:11:32,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\RENA9EC.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENA9ED.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENADDF.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENADE0.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENAF42.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENAF52.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jan\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\qumo8dlc.default\minidumps [76 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at  0:16:55,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




FRST






FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04
Ran by Jan (administrator) on JAN-PC on 01-09-2013 00:20:15
Running from C:\Users\Jan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 60
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-24] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default
FF NewTab: hxxp://www.google.de/search?q=
FF Homepage: www.facebook.de
FF Keyword.URL: hxxp://www.google.de/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldplay4free@ea.com
FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://battlelog.battlefield.com/bf3/de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (Unity Player) - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Battlefield Heroes) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0
CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-12] ()
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-31] ()
S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-21] (Tunngle.net GmbH)
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-18] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 00:19 - 2013-09-01 00:19 - 01589860 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2013-09-01 00:16 - 2013-09-01 00:16 - 00001385 _____ C:\Users\Jan\Desktop\JRT.txt
2013-09-01 00:11 - 2013-09-01 00:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 00:05 - 2013-09-01 00:07 - 00000000 ____D C:\AdwCleaner
2013-09-01 00:03 - 2013-09-01 00:03 - 00000000 ____D C:\ProgramData\RELOADED
2013-08-31 22:25 - 2013-08-31 22:25 - 01027511 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2013-08-31 22:25 - 2013-08-31 22:25 - 00994642 _____ C:\Users\Jan\Downloads\adwcleaner.exe
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Jan\Desktop\Combofix
2013-08-31 16:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-31 16:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-31 16:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-31 16:37 - 2013-08-31 17:02 - 00000000 ____D C:\Windows\erdnt
2013-08-31 13:33 - 2013-08-31 14:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-31 13:33 - 2013-08-31 13:45 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-30 22:50 - 2013-08-31 16:52 - 00002616 _____ C:\Windows\PFRO.log
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:12 - 2013-08-30 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:24 - 2013-04-11 11:34 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:09 - 2013-08-26 14:11 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 00:46 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-22 13:23 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:02 - 2013-08-18 20:04 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-17 14:06 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 19:30 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 19:30 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 19:30 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 19:30 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 19:30 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 19:30 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 19:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 19:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 17:32 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 17:32 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 17:32 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 17:32 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 17:32 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 17:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 17:32 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 17:32 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 17:32 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-07 15:35 - 2013-08-07 15:39 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager

==================== One Month Modified Files and Folders =======

2013-09-01 00:20 - 2013-09-01 00:20 - 00000000 ____D C:\FRST
2013-09-01 00:19 - 2013-09-01 00:19 - 01589860 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2013-09-01 00:16 - 2013-09-01 00:16 - 00001385 _____ C:\Users\Jan\Desktop\JRT.txt
2013-09-01 00:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 00:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 00:11 - 2013-09-01 00:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 00:11 - 2011-05-07 01:46 - 01673971 _____ C:\Windows\WindowsUpdate.log
2013-09-01 00:10 - 2012-08-07 01:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-01 00:10 - 2011-12-24 21:19 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Skype
2013-09-01 00:09 - 2012-09-12 17:22 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn Hamachi
2013-09-01 00:08 - 2013-07-29 17:35 - 00008283 _____ C:\Windows\setupact.log
2013-09-01 00:08 - 2012-10-12 17:12 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 00:08 - 2011-05-16 01:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-01 00:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 00:07 - 2013-09-01 00:05 - 00000000 ____D C:\AdwCleaner
2013-09-01 00:03 - 2013-09-01 00:03 - 00000000 ____D C:\ProgramData\RELOADED
2013-09-01 00:01 - 2012-04-11 11:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 23:41 - 2012-10-12 17:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-31 23:36 - 2012-10-04 21:17 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED6B66A4-F80D-4D66-9A3E-58886B6F0745}
2013-08-31 22:31 - 2012-07-09 13:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\uTorrent
2013-08-31 22:25 - 2013-08-31 22:25 - 01027511 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2013-08-31 22:25 - 2013-08-31 22:25 - 00994642 _____ C:\Users\Jan\Downloads\adwcleaner.exe
2013-08-31 22:24 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Jan\Desktop\Combofix
2013-08-31 22:19 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2013-08-31 17:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-31 17:02 - 2013-08-31 16:37 - 00000000 ____D C:\Windows\erdnt
2013-08-31 16:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-31 16:52 - 2013-08-30 22:50 - 00002616 _____ C:\Windows\PFRO.log
2013-08-31 16:52 - 2009-07-14 04:34 - 74186752 _____ C:\Windows\system32\config\software.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 46137344 _____ C:\Windows\system32\config\system.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 00061440 _____ C:\Windows\system32\config\sam.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2013-08-31 16:48 - 2011-12-24 20:32 - 00000000 ___RD C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 14:48 - 2013-08-31 13:33 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-31 14:48 - 2012-01-08 13:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-31 13:45 - 2013-08-31 13:33 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-31 13:45 - 2012-01-08 13:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-31 13:44 - 2012-04-01 20:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-31 01:32 - 2013-04-09 15:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 01:32 - 2011-05-07 01:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-31 00:35 - 2012-02-05 10:40 - 00000000 ____D C:\Users\Gast
2013-08-31 00:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-31 00:25 - 2011-12-24 20:30 - 00000000 ____D C:\Users\Jan
2013-08-31 00:09 - 2011-12-24 20:32 - 00000000 ____D C:\Users\Jan\AppData\Local\VirtualStore
2013-08-31 00:04 - 2012-03-30 13:46 - 00000000 ___RD C:\Users\Jan\Desktop\Passwörter
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-08-30 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 16:41 - 2013-08-26 00:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-30 16:41 - 2013-08-22 13:23 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-30 16:41 - 2013-08-17 14:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-30 16:41 - 2013-05-29 18:05 - 00000000 ____D C:\Users\Jan\AppData\Local\Akamai
2013-08-30 16:41 - 2013-03-29 17:44 - 00000000 ____D C:\BrickForce
2013-08-30 16:41 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\Documents\ArmA 2
2013-08-30 16:41 - 2012-07-16 13:03 - 00000000 ____D C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2013-08-30 16:41 - 2012-05-19 13:12 - 00000000 ____D C:\IL-2 Sturmovik 1946
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ____D C:\ProgramData\Skype
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-30 16:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-08-30 16:39 - 2012-03-18 19:45 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2013-08-30 16:32 - 2012-02-10 21:28 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-30 09:08 - 2013-07-11 21:52 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-08-26 14:30 - 2013-06-07 13:17 - 00000000 ____D C:\Users\Jan\AppData\Local\NVIDIA
2013-08-26 14:29 - 2011-05-16 01:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:11 - 2013-08-26 14:09 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 13:55 - 2011-05-07 02:43 - 00000000 ____D C:\Windows\Panther
2013-08-26 01:30 - 2013-07-28 10:18 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Auslogics
2013-08-26 01:29 - 2012-12-09 00:38 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-08-25 18:35 - 2013-01-01 22:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TS3Client
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-23 16:18 - 2013-02-25 12:12 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Origin
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Local\Origin
2013-08-21 13:01 - 2012-04-11 11:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 13:01 - 2012-04-11 11:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 13:01 - 2011-12-24 20:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-19 11:04 - 2012-09-07 22:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 11:04 - 2011-12-24 21:12 - 00000000 ____D C:\Users\Jan\AppData\Local\Google
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:04 - 2013-08-18 20:02 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-18 17:26 - 2013-01-01 22:30 - 00000000 ____D C:\Users\Jan\AppData\Local\TeamSpeak 3 Client
2013-08-17 22:39 - 2013-02-08 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-14 19:28 - 2013-07-13 01:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:26 - 2011-12-29 16:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-12 13:14 - 2012-03-06 19:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-12 13:14 - 2012-02-23 14:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-09 18:00 - 2010-11-21 08:50 - 00699884 _____ C:\Windows\system32\perfh007.dat
2013-08-09 18:00 - 2010-11-21 08:50 - 00149766 _____ C:\Windows\system32\perfc007.dat
2013-08-09 18:00 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 00:40 - 2013-02-18 19:04 - 00000000 ____D C:\Program Files (x86)\War Thunder
2013-08-08 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 16:21 - 2012-02-22 19:52 - 00000000 ____D C:\Users\Jan\Documents\my games
2013-08-07 16:20 - 2013-01-21 16:04 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-08-07 15:39 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager
2013-08-07 14:40 - 2013-05-04 19:29 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2013-08-04 11:05 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:19

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 01.09.2013, 10:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.09.2013, 20:48   #9
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


OK hab wieder alles erledigt . Eset hat 4 Infektionen entdeckt aber ich weiß nicht ob diese gelöscht wurden. Kannst du vielleicht schauen ob diese noch da sind ? Danke dir schon mal für alles .


Eset



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6e168c2b0faed2479dd4b1559f700be7
# engine=14974
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-01 07:22:28
# local_time=2013-09-01 09:22:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 26548019 26548019 0 0
# compatibility_mode=5893 16776574 100 94 4608380 129693198 0 0
# scanned=328794
# found=4
# cleaned=0
# scan_time=9890
sh=80FED4B111D357D67CA6FC59A1EE5AFE215AC0FB ft=0 fh=0000000000000000 vn="Java/Jacksbot.O trojan" ac=I fn="C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar"
sh=5E9BDCF91D8C2A5485E4CBA2D7E95870488A211A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jan\AppData\Roaming\Auslogics\Rescue\Boost Speed\130728173357068.rsc"
sh=397FE64027322E9A6720EF37361D789DDB39B89B ft=0 fh=0000000000000000 vn="a variant of Win32/CoinMiner.CI trojan" ac=I fn="C:\Users\Jan\AppData\Roaming\Auslogics\Rescue\Boost Speed\130826012828706.rsc"
sh=41B69B8B38A2A174401427D01DE8B5515F860269 ft=1 fh=b5d8450c7c6a1610 vn="a variant of Win32/CoinMiner.CI trojan" ac=I fn="C:\Users\Jan\Desktop\Combofix\Qoobox\Quarantine\C\Users\Jan\AppData\Roaming\lsm.exe.vir"


checkup




Code:
ATTFilter
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 31  
 Java 7 Update 25  
 Java(TM) SE Development Kit 6 Update 20 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.57  
 Google Chrome 29.0.1547.62  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````




FRST





FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013 01
Ran by Jan (administrator) on JAN-PC on 01-09-2013 21:42:16
Running from C:\Users\Jan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bohemia Interactive) C:\Program files\Bohemia Interactive\ArmA 2\Expansion\beta\arma2oa.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 60
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-24] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 - {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKCU - {438CB363-A94D-4AE3-8F99-E93393D46036} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default
FF NewTab: hxxp://www.google.de/search?q=
FF Homepage: www.facebook.de
FF Keyword.URL: hxxp://www.google.de/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\battlefieldplay4free@ea.com
FF Extension: No Name - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\qumo8dlc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://battlelog.battlefield.com/bf3/de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (Unity Player) - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Battlefield Heroes) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0
CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-12] ()
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-31] ()
S2 sfrem01; C:\Windows\system32\sfrem01.exe [601208 2006-07-05] (Protection Technology (StarForce))
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-21] (Tunngle.net GmbH)
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-18] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 21:40 - 2013-09-01 21:40 - 00001079 _____ C:\Users\Jan\Desktop\checkup.txt
2013-09-01 18:34 - 2013-09-01 18:34 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe
2013-09-01 18:34 - 2013-09-01 18:34 - 00891115 _____ C:\Users\Jan\Downloads\SecurityCheck.exe
2013-09-01 00:20 - 2013-09-01 00:20 - 00000000 ____D C:\FRST
2013-09-01 00:11 - 2013-09-01 00:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 00:05 - 2013-09-01 00:23 - 00000000 ____D C:\AdwCleaner
2013-09-01 00:03 - 2013-09-01 00:03 - 00000000 ____D C:\ProgramData\RELOADED
2013-08-31 22:25 - 2013-08-31 22:25 - 01027511 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2013-08-31 22:25 - 2013-08-31 22:25 - 00994642 _____ C:\Users\Jan\Downloads\adwcleaner.exe
2013-08-31 22:24 - 2013-09-01 18:38 - 00000000 ____D C:\Users\Jan\Desktop\Combofix
2013-08-31 16:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-31 16:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-31 16:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-31 16:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-31 16:37 - 2013-08-31 17:02 - 00000000 ____D C:\Windows\erdnt
2013-08-31 13:33 - 2013-09-01 01:25 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-31 13:33 - 2013-08-31 13:45 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-30 22:50 - 2013-09-01 14:11 - 00002974 _____ C:\Windows\PFRO.log
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:12 - 2013-08-30 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:24 - 2013-04-11 11:34 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:09 - 2013-08-26 14:11 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 00:46 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-22 13:23 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:02 - 2013-08-18 20:04 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-17 14:06 - 2013-08-30 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 19:30 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 19:30 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 19:30 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 19:30 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 19:30 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 19:30 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 19:30 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 19:30 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 19:30 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 19:30 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 19:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 19:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 17:32 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 17:32 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 17:32 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 17:32 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 17:32 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 17:32 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 17:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 17:32 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 17:32 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 17:32 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 17:32 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 17:32 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 17:32 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 17:32 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 17:32 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-07 15:35 - 2013-08-07 15:39 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager

==================== One Month Modified Files and Folders =======

2013-09-01 21:42 - 2013-09-01 21:42 - 01950894 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2013-09-01 21:41 - 2012-10-12 17:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 21:40 - 2013-09-01 21:40 - 00001079 _____ C:\Users\Jan\Desktop\checkup.txt
2013-09-01 21:01 - 2012-04-11 11:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 20:45 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2013-09-01 20:35 - 2012-08-07 01:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-01 20:02 - 2011-05-07 01:46 - 01738897 _____ C:\Windows\WindowsUpdate.log
2013-09-01 18:38 - 2013-08-31 22:24 - 00000000 ____D C:\Users\Jan\Desktop\Combofix
2013-09-01 18:36 - 2010-11-21 08:50 - 00699884 _____ C:\Windows\system32\perfh007.dat
2013-09-01 18:36 - 2010-11-21 08:50 - 00149766 _____ C:\Windows\system32\perfc007.dat
2013-09-01 18:36 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 18:34 - 2013-09-01 18:34 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe
2013-09-01 18:34 - 2013-09-01 18:34 - 00891115 _____ C:\Users\Jan\Downloads\SecurityCheck.exe
2013-09-01 14:38 - 2012-09-12 17:22 - 00000000 ____D C:\Users\Jan\AppData\Local\LogMeIn Hamachi
2013-09-01 14:19 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 14:19 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 14:15 - 2012-10-12 17:12 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 14:14 - 2011-12-25 12:28 - 00114432 _____ C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 14:12 - 2013-07-29 17:35 - 00008339 _____ C:\Windows\setupact.log
2013-09-01 14:12 - 2011-05-16 01:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-01 14:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 14:12 - 2009-07-14 06:45 - 00433728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 14:11 - 2013-08-30 22:50 - 00002974 _____ C:\Windows\PFRO.log
2013-09-01 01:25 - 2013-08-31 13:33 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-01 01:25 - 2012-01-08 13:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-01 01:15 - 2012-01-08 13:29 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-01 00:44 - 2012-04-01 20:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-01 00:41 - 2013-04-09 15:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-01 00:39 - 2010-11-21 09:00 - 00000000 ____D C:\Windows\ShellNew
2013-09-01 00:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-09-01 00:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-01 00:39 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2013-09-01 00:37 - 2013-03-16 19:53 - 00000000 ____D C:\Users\Jan\AppData\Roaming\SoftGrid Client
2013-09-01 00:23 - 2013-09-01 00:05 - 00000000 ____D C:\AdwCleaner
2013-09-01 00:20 - 2013-09-01 00:20 - 00000000 ____D C:\FRST
2013-09-01 00:11 - 2013-09-01 00:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 00:03 - 2013-09-01 00:03 - 00000000 ____D C:\ProgramData\RELOADED
2013-08-31 23:36 - 2012-10-04 21:17 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED6B66A4-F80D-4D66-9A3E-58886B6F0745}
2013-08-31 22:31 - 2012-07-09 13:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\uTorrent
2013-08-31 22:25 - 2013-08-31 22:25 - 01027511 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2013-08-31 22:25 - 2013-08-31 22:25 - 00994642 _____ C:\Users\Jan\Downloads\adwcleaner.exe
2013-08-31 17:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-31 17:02 - 2013-08-31 16:37 - 00000000 ____D C:\Windows\erdnt
2013-08-31 16:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-31 16:52 - 2009-07-14 04:34 - 74186752 _____ C:\Windows\system32\config\software.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 46137344 _____ C:\Windows\system32\config\system.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 00061440 _____ C:\Windows\system32\config\sam.bak
2013-08-31 16:52 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2013-08-31 16:48 - 2011-12-24 20:32 - 00000000 ___RD C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 13:45 - 2013-08-31 13:33 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-31 01:32 - 2011-05-07 01:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-31 00:35 - 2012-02-05 10:40 - 00000000 ____D C:\Users\Gast
2013-08-31 00:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-31 00:25 - 2013-08-31 00:25 - 00000168 _____ C:\Users\Jan\defogger_reenable
2013-08-31 00:25 - 2011-12-24 20:30 - 00000000 ____D C:\Users\Jan
2013-08-31 00:09 - 2011-12-24 20:32 - 00000000 ____D C:\Users\Jan\AppData\Local\VirtualStore
2013-08-31 00:04 - 2012-03-30 13:46 - 00000000 ___RD C:\Users\Jan\Desktop\Passwörter
2013-08-30 17:02 - 2013-08-30 17:02 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:02 - 2013-08-30 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 16:41 - 2013-08-26 00:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-30 16:41 - 2013-08-22 13:23 - 00000000 ____D C:\Program Files (x86)\SpecialForce2Beta
2013-08-30 16:41 - 2013-08-17 14:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-30 16:41 - 2013-05-29 18:05 - 00000000 ____D C:\Users\Jan\AppData\Local\Akamai
2013-08-30 16:41 - 2013-03-29 17:44 - 00000000 ____D C:\BrickForce
2013-08-30 16:41 - 2012-10-22 20:29 - 00000000 ____D C:\Users\Jan\Documents\ArmA 2
2013-08-30 16:41 - 2012-07-16 13:03 - 00000000 ____D C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2013-08-30 16:41 - 2012-05-19 13:12 - 00000000 ____D C:\IL-2 Sturmovik 1946
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-30 16:41 - 2011-12-24 21:18 - 00000000 ____D C:\ProgramData\Skype
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-30 16:41 - 2011-05-07 02:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-30 16:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-08-30 16:39 - 2012-03-18 19:45 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2013-08-30 16:32 - 2012-02-10 21:28 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2013-08-30 14:13 - 2013-08-30 14:13 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2013-08-30 14:07 - 2013-08-30 14:07 - 00214424 ___SH (Deposit Files) C:\Users\Jan\Downloads\{265D75E0-3FB2-4F4A-B980-B30F6D833DAC}.tmp
2013-08-30 13:10 - 2013-08-30 13:10 - 00000000 _____ C:\autoexec.bat
2013-08-30 13:09 - 2013-08-30 13:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-30 09:08 - 2013-07-11 21:52 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-08-26 14:30 - 2013-06-07 13:17 - 00000000 ____D C:\Users\Jan\AppData\Local\NVIDIA
2013-08-26 14:29 - 2011-05-16 01:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-08-26 14:24 - 2013-08-26 14:24 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-08-26 14:18 - 2013-08-26 14:18 - 00000000 ____D C:\NVIDIA
2013-08-26 14:11 - 2013-08-26 14:09 - 00000000 ____D C:\Users\Jan\Documents\Battlefield 3
2013-08-26 13:55 - 2011-05-07 02:43 - 00000000 ____D C:\Windows\Panther
2013-08-26 01:30 - 2013-07-28 10:18 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Auslogics
2013-08-26 01:29 - 2012-12-09 00:38 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-08-25 18:35 - 2013-01-01 22:32 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TS3Client
2013-08-24 14:20 - 2013-08-24 14:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-23 16:18 - 2013-02-25 12:12 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Origin
2013-08-21 13:54 - 2012-04-01 20:56 - 00000000 ____D C:\Users\Jan\AppData\Local\Origin
2013-08-21 13:01 - 2012-04-11 11:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 13:01 - 2012-04-11 11:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 13:01 - 2011-12-24 20:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 14:08 - 2013-08-20 14:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-08-19 11:04 - 2013-08-19 11:04 - 00002220 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-19 11:04 - 2012-09-07 22:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 11:04 - 2011-12-24 21:12 - 00000000 ____D C:\Users\Jan\AppData\Local\Google
2013-08-18 20:08 - 2013-08-18 20:08 - 00000000 ____D C:\Users\Jan\AppData\Local\EMU
2013-08-18 20:05 - 2013-08-18 20:05 - 00018397 _____ C:\Windows\DirectX.log
2013-08-18 20:04 - 2013-08-18 20:02 - 00000000 ____D C:\Program Files (x86)\Worms Clan Wars
2013-08-18 17:26 - 2013-01-01 22:30 - 00000000 ____D C:\Users\Jan\AppData\Local\TeamSpeak 3 Client
2013-08-17 22:39 - 2013-02-08 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-14 19:28 - 2013-07-13 01:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:26 - 2011-12-29 16:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-12 13:14 - 2013-08-12 13:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-12 13:14 - 2013-08-12 13:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-12 13:14 - 2012-03-06 19:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-12 13:14 - 2012-02-23 14:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-09 00:40 - 2013-02-18 19:04 - 00000000 ____D C:\Program Files (x86)\War Thunder
2013-08-08 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 16:21 - 2012-02-22 19:52 - 00000000 ____D C:\Users\Jan\Documents\my games
2013-08-07 16:20 - 2013-01-21 16:04 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-08-07 15:39 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\AppData\Local\Black_Tree_Gaming
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\Users\Jan\Documents\Nexus Mod Manager
2013-08-07 14:40 - 2013-05-04 19:29 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2013-08-04 11:05 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 18:19

==================== End Of Log ============================
--- --- ---
Alt 02.09.2013, 08:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Adobe updaten. Die Funde löschen wir jetzt:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe ()
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /600
C:\Windows\SysNative\*.dll /600
C:\Windows\SysWOW64\*.dll /600
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.09.2013, 12:46   #11
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Bitte sehr... Ich muss aber die Extras.txt und OTL.txt zippen und hier anhängen.




Fixlog





Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013 04
Ran by Jan at 2013-09-02 13:23:24 Run:1
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe ()
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
*****************

C:\Users\Jan\AppData\Roaming\svchost-1785158054.jar => Moved successfully.
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc => Moved successfully.
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\False => Moved successfully.
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\false.vbs => Moved successfully.
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phoenix.cfg => Moved successfully.
"C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins" => Could not move.
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe => Moved successfully.
"C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe" => File/Directory not found.
X6va008 => Service deleted successfully.
X6va010 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
xhunter1 => Service deleted successfully.

==== End of Fixlog ====

Alt 02.09.2013, 17:21   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Nein, Logs bitte aufteilen und in Stücken posten wenn nötig, die Extras brauch ich nit, nur die OTL.txt. ich will noch was kontrollieren.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.09.2013, 19:46   #13
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Alles klar



OTL Part 1




Code:
ATTFilter
OTL logfile created on: 02.09.2013 13:26:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,15% Memory free
15,97 Gb Paging File | 14,41 Gb Available in Paging File | 90,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 488,48 Gb Free Space | 52,45% Space Free | Partition Type: NTFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.02 13:25:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2013.08.31 13:45:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.07.26 14:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.26 14:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.07.12 13:35:51 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.02.13 10:06:52 | 002,602,304 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2007.12.10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.08.14 19:29:44 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\775d60de39c6f0b49f1640c4e6c8de09\PresentationFramework.ni.dll
MOD - [2013.08.14 19:29:37 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\639cec73538f6ad7130372259464cc57\System.Runtime.Remoting.ni.dll
MOD - [2013.08.14 19:29:32 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dll
MOD - [2013.08.14 19:29:31 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8e3d6080e8eaaaf28389f3742ff9acdd\PresentationCore.ni.dll
MOD - [2013.08.14 19:29:27 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013.08.14 19:29:26 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a35e871c52b7a7aee64c969c02acfaa0\System.Core.ni.dll
MOD - [2013.08.14 19:29:23 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\782db4c31adf3046c62e43b8f11453c1\WindowsBase.ni.dll
MOD - [2013.08.14 19:29:21 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013.08.14 19:29:21 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2fd755147672c80dd4b13978933f8a3d\System.Configuration.ni.dll
MOD - [2013.07.14 20:00:40 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1c2c7074f15ce2472a1dac64931cbfcc\System.ServiceProcess.ni.dll
MOD - [2013.07.14 19:59:04 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Dnscache)
SRV:64bit: - [2006.07.05 15:04:06 | 000,601,208 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\Windows\SysNative\sfrem01.exe -- (sfrem01)
SRV - [2013.08.31 13:45:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.08.28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.21 13:01:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.08.17 14:06:50 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.06.21 18:16:52 | 000,754,584 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.06.20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.06.12 15:25:21 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.12.25 12:54:58 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.27 12:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.01.21 01:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 01:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.21 02:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.06.21 02:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.06.18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 11:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.03.18 19:46:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 04:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 04:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 12:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 12:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 12:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 12:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 12:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.05.27 05:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 13:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.01.05 04:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.28 11:07:52 | 000,532,480 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.09.18 21:54:48 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamSuiteVAC.sys -- (CamSuiteVAC)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 8C F5 1B 6D C2 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.de"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.96.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.26 14:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2013.08.07 14:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\qumo8dlc.default\extensions
[2012.08.14 12:16:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\qumo8dlc.default\extensions\battlefieldheroespatcher@ea.com
[2013.07.12 17:00:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\qumo8dlc.default\extensions\battlefieldplay4free@ea.com
[2013.08.07 14:52:31 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\qumo8dlc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.08 20:21:52 | 000,002,057 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\qumo8dlc.default\searchplugins\youtube-videosuche.xml
[2013.08.30 16:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.08.30 16:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.08.17 14:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.17 14:06:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Plugins\npitunes.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.08.31 16:53:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc [2013.09.02 13:23:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\plugins [2013.05.22 20:58:01 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C205EB0-1A37-4578-81D2-0CC2FB3F1C0F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E717D52-E349-4682-929A-1004C01AF6F1}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.08.30 13:10:19 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.02 13:25:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2013.09.02 13:22:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013.09.01 00:37:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.09.01 00:11:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.09.01 00:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.08.31 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Combofix
[2013.08.31 17:14:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.08.31 17:05:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.08.31 16:40:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.08.31 16:40:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.08.31 16:40:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.08.31 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.08.30 17:02:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.08.30 14:13:08 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2013.08.30 14:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.08.30 14:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.08.30 13:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.08.26 14:18:33 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.08.26 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Battlefield 3
[2013.08.26 00:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.08.24 14:20:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.08.22 13:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Special Force 2 Beta
[2013.08.22 13:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialForce2Beta
[2013.08.19 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.08.18 20:08:31 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\EMU
[2013.08.18 20:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worms Clan Wars
[2013.08.17 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.12 13:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.08.07 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Nexus Mod Manager
[2013.08.07 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Black_Tree_Gaming
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[22 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.02 13:25:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2013.09.02 13:15:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.02 13:15:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.02 13:10:40 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.02 13:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.02 13:08:05 | 2134,102,015 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.02 06:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.02 05:42:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.02 04:58:39 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.09.02 04:58:39 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.09.02 04:57:10 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.09.01 18:36:25 | 001,622,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.01 18:36:25 | 000,699,884 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.01 18:36:25 | 000,654,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.01 18:36:25 | 000,149,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.01 18:36:25 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.01 14:12:06 | 000,433,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.08.31 16:53:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.08.31 13:45:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.08.31 00:25:12 | 000,000,168 | ---- | M] () -- C:\Users\Jan\defogger_reenable
[2013.08.30 17:02:32 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.08.30 13:10:19 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.08.20 14:08:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.08.19 11:04:13 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[22 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.08.31 16:40:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.08.31 16:40:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.08.31 16:40:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.08.31 16:40:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.08.31 16:40:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.08.31 13:33:28 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.08.31 13:33:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.08.31 00:25:12 | 000,000,168 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2013.08.30 17:02:32 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.08.30 13:10:19 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.08.20 14:08:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.08.19 11:04:13 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.02 01:59:10 | 000,291,000 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Fallen Earth_2.57.1.7_2013-03-01-23-59.dmp
[2013.02.23 20:53:47 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.23 20:53:47 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.22 15:20:59 | 000,000,017 | ---- | C] () -- C:\Users\Jan\AppData\Local\resmon.resmoncfg
[2012.09.30 14:08:57 | 000,355,834 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Fallen Earth_2.57.1.7_2012-09-30-12-08.dmp
[2012.08.15 23:52:04 | 000,068,283 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\icarus-dxdiag.xml
[2012.07.28 19:02:40 | 000,045,270 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\room_v3.dat
[2012.07.12 21:47:19 | 000,005,120 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.11 18:54:01 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.06.25 18:45:24 | 001,595,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.15 18:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.03.28 18:31:31 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.03.27 14:09:37 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.03.18 21:32:19 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.03.12 16:38:32 | 000,000,885 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2012.02.22 15:28:59 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.22 15:28:59 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.25 12:50:18 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.08.07 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft
[2013.05.17 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Aeria Games & Entertainment
[2013.02.12 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Audacity
[2013.08.26 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Auslogics
[2013.08.30 16:39:42 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2013.07.28 10:30:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft
[2013.05.04 19:00:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ftblauncher
[2013.05.09 01:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Galaxy on Fire 2 Full HD
[2012.02.24 00:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Infinity
[2013.05.30 17:24:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Kalypso Media
[2012.12.20 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Kongregate
[2013.05.30 19:49:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Notepad++
[2013.05.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org
[2013.08.21 13:54:58 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Origin
[2013.02.23 20:51:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Samsung
[2013.06.17 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Sandswept Studios
[2013.07.09 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\six-updater
[2012.10.15 21:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\six-zsync
[2013.09.01 00:37:14 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\SoftGrid Client
[2012.11.22 16:56:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Sony Online Entertainment
[2013.01.25 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TechSmith
[2013.07.05 13:55:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TERA
[2013.04.09 15:40:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TP
[2013.08.25 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TS3Client
[2012.01.08 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ts3overlay
[2013.01.01 22:34:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ts3overlay_hook_win64
[2012.11.07 16:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2013.06.22 22:42:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Tunngle
[2012.02.09 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Unity
[2013.08.31 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\uTorrent
[2012.07.02 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{3E717D52-E349-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{3E717D52-E349-4682 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.21 05:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[22 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.21 05:24:28 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /600 >
[2012.08.23 13:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll
[2012.07.09 00:40:10 | 000,028,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aspnet_counters.dll
[2012.11.06 02:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2012.12.18 11:06:06 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2013.07.09 06:46:31 | 001,166,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.08.12 13:14:27 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.12.18 11:06:00 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2013.04.20 10:15:35 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2013.04.20 10:15:35 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.04.20 10:15:37 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll
[2012.12.18 11:08:34 | 000,110,592 | ---- | M] () -- C:\Windows\system32\FsUsbExDevice.Dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.04.20 10:15:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2013.04.20 10:15:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2013.04.20 10:15:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.04.20 10:15:35 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.07.26 05:11:59 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.04.20 10:15:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.07.26 05:12:00 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.04.20 10:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2013.04.20 10:15:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2013.07.26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.04.20 10:15:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.12.18 11:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2012.12.18 11:06:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2012.12.18 11:06:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2012.12.18 11:06:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll
[2012.12.18 11:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.11.06 02:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll
[2012.11.06 02:20:52 | 000,046,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110chs.dll
[2012.11.06 02:20:52 | 000,046,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110cht.dll
[2012.11.06 02:20:52 | 000,074,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110deu.dll
[2012.11.06 02:20:52 | 000,064,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110enu.dll
[2012.11.06 02:20:52 | 000,073,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110esn.dll
[2012.11.06 02:20:52 | 000,074,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110fra.dll
[2012.11.06 02:20:52 | 000,072,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110ita.dll
[2012.11.06 02:20:52 | 000,053,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110jpn.dll
[2012.11.06 02:20:52 | 000,053,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110kor.dll
[2012.11.06 02:20:52 | 000,070,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110rus.dll
[2012.11.06 02:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll
[2012.11.06 02:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll
[2012.11.06 02:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2012.12.18 11:06:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.04.20 10:15:36 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2012.12.18 11:06:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2013.07.26 05:12:23 | 014,329,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.04.20 10:15:36 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.04.20 10:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2013.04.20 10:15:37 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.04.20 10:15:37 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2012.12.18 11:06:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.04.20 10:15:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2012.08.23 15:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2012.08.23 10:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2012.11.06 02:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2012.07.09 00:40:10 | 000,501,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110_clr0400.dll
[2012.07.09 00:40:10 | 000,017,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100_clr0400.dll
[2012.11.06 02:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2012.07.09 00:40:10 | 000,864,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110_clr0400.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.12.18 11:06:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2012.12.18 11:06:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2012.12.18 11:06:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2012.12.18 11:06:06 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2013.08.12 13:14:27 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npdeployJava1.dll
[2013.07.09 06:53:47 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2013.07.09 04:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2012.03.01 02:02:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdecodemft.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\NvFBC.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\NvIFR.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglshim32.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvopencl.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvumdshim.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2013.04.20 10:15:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2012.08.07 00:54:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2013.04.20 10:15:36 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2012.12.18 11:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2013.07.09 06:52:33 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.11.26 19:20:50 | 000,234,496 | ---- | M] (TechSmith Corporation) -- C:\Windows\system32\tsc2_codec32.dll
[2012.11.26 19:20:50 | 000,270,848 | ---- | M] (TechSmith Corporation) -- C:\Windows\system32\tsc2_codec64.dll
[2012.11.27 09:52:58 | 000,571,392 | ---- | M] (TechSmith Corporation) -- C:\Windows\system32\tsccvid.dll
[2012.11.27 09:52:58 | 000,595,456 | ---- | M] (TechSmith Corporation) -- C:\Windows\system32\tsccvid64.dll
[2012.08.23 15:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2013.07.19 03:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2013.04.20 10:15:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.07.26 05:13:14 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.04.20 10:15:36 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.11.06 02:20:52 | 000,320,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcamp110.dll
[2012.11.06 02:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.11.06 02:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2013.04.20 10:15:36 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.08.12 13:14:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll
[2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2013.07.26 05:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.08.23 15:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2013.07.09 06:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2012.08.06 15:44:14 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[22 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.11 11:33:57 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.12 17:12:12 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.10.12 17:12:12 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Alt 02.09.2013, 19:47   #14
Janimani
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Und hier Part 2






Code:
ATTFilter
< C:\Windows\SysNative\*.dll /600 >
[2012.08.23 12:54:24 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 22:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 22:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 22:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 22:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 22:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 22:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 22:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll
[2012.07.08 23:24:30 | 000,030,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aspnet_counters.dll
[2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.02.27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2012.05.28 07:09:04 | 002,168,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin91.dll
[2012.09.28 22:42:04 | 002,177,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin92.dll
[2013.01.21 11:12:12 | 002,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin93.dll
[2013.05.02 10:32:04 | 002,274,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin94.dll
[2013.07.09 07:46:20 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.05.10 07:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.07.09 07:46:20 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.01.13 21:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.13 21:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.01.13 21:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.01.13 21:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.01.13 21:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.01.13 21:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.01.13 21:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.01 00:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012.09.12 17:19:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.03 00:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.13 21:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.20 10:15:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.20 10:15:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.20 10:15:37 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.01.13 21:58:28 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.04.20 10:15:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.20 10:15:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.20 10:15:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.20 10:15:34 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2013.07.26 07:12:03 | 015,405,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2013.04.20 10:15:32 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.07.26 07:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.26 07:12:03 | 002,647,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013.07.26 07:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.26 07:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.26 07:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.04.20 10:15:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.20 10:15:33 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2013.07.26 07:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.26 07:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.26 07:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.20 10:15:33 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.24 20:03:09 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.07.26 07:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.20 10:15:32 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2013.07.26 07:12:31 | 019,239,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2013.04.20 10:15:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.20 10:15:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.20 10:15:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.04.20 10:15:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.04 08:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.20 10:15:35 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.08.23 15:20:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.08.23 10:13:07 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.13 15:36:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012.07.08 23:24:30 | 000,613,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110_clr0400.dll
[2012.09.19 16:57:40 | 000,017,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013.05.13 15:36:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012.07.08 23:24:30 | 000,856,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110_clr0400.dll
[2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll
[2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll
[2012.09.12 17:19:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2013.07.09 07:54:22 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.03.01 02:02:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.12.29 12:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013.02.10 05:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2012.12.29 12:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013.02.10 05:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2012.03.01 02:02:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2013.01.29 10:35:33 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013.02.25 07:27:52 | 000,031,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.20 10:15:33 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.08.07 00:54:27 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.20 10:15:33 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2012.05.04 13:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.06.04 08:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.23 11:51:57 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.08.23 12:51:14 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.08.23 15:24:57 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.08.23 16:13:11 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.07.09 07:51:16 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2012.08.24 20:05:03 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2013.02.27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.08.23 14:52:53 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.08.23 15:06:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.08.23 15:40:56 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.07.19 03:58:42 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2013.01.13 21:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.20 10:15:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.26 07:13:28 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.04.20 10:15:33 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.13 15:36:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2013.06.21 02:07:52 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012.07.26 04:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.04.20 10:15:33 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll
[2013.04.26 07:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.12 17:19:53 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.17 08:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.01.13 21:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.07.26 07:13:37 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.07.09 07:52:52 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.06.21 02:07:52 | 000,708,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2012.08.23 15:17:54 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2013.01.13 20:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.07.25 11:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.09 07:53:12 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012.08.06 15:44:15 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll
[2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.03.19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.03.19 07:53:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll
[2013.01.13 20:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.01.13 19:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
 
< C:\Windows\SysWOW64\*.dll /600 >
[2012.08.23 13:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apisetschema.dll
[2012.07.09 00:40:10 | 000,028,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aspnet_counters.dll
[2012.11.06 02:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl110.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\certenc.dll
[2012.12.18 11:06:06 | 000,974,848 | ---- | M] () -- C:\Windows\SysWOW64\cis-2.4.dll
[2013.07.09 06:46:31 | 001,166,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
[2013.08.12 13:14:27 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.12.18 11:06:00 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgderapi.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
[2013.04.20 10:15:35 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll
[2013.04.20 10:15:35 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll
[2013.04.20 10:15:37 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\elshyph.dll
[2012.12.18 11:08:34 | 000,110,592 | ---- | M] () -- C:\Windows\SysWOW64\FsUsbExDevice.Dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
[2013.04.20 10:15:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll
[2013.04.20 10:15:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll
[2013.04.20 10:15:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll
[2013.04.20 10:15:35 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll
[2013.07.26 05:11:59 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2013.04.20 10:15:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll
[2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll
[2013.07.26 05:12:00 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll
[2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll
[2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2013.04.20 10:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll
[2013.04.20 10:15:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | M] () -- C:\Windows\SysWOW64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] () -- C:\Windows\SysWOW64\issacapi_se-2.3.dll
[2013.07.26 05:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2013.04.20 10:15:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll
[2012.12.18 11:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWOW64\MACXMLProto.dll
[2012.12.18 11:06:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWOW64\MaDRM.dll
[2012.12.18 11:06:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWOW64\MaJGUILib.dll
[2012.12.18 11:06:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWOW64\MAMACExtract.dll
[2012.12.18 11:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWOW64\MaXMLProto.dll
[2012.11.06 02:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110.dll
[2012.11.06 02:20:52 | 000,046,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110chs.dll
[2012.11.06 02:20:52 | 000,046,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110cht.dll
[2012.11.06 02:20:52 | 000,074,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110deu.dll
[2012.11.06 02:20:52 | 000,064,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110enu.dll
[2012.11.06 02:20:52 | 000,073,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110esn.dll
[2012.11.06 02:20:52 | 000,074,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110fra.dll
[2012.11.06 02:20:52 | 000,072,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110ita.dll
[2012.11.06 02:20:52 | 000,053,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110jpn.dll
[2012.11.06 02:20:52 | 000,053,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110kor.dll
[2012.11.06 02:20:52 | 000,070,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110rus.dll
[2012.11.06 02:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc110u.dll
[2012.11.06 02:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfcm110.dll
[2012.11.06 02:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfcm110u.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWOW64\MK_Lyric.dll
[2012.12.18 11:06:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWOW64\MSCLib.dll
[2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2013.04.20 10:15:36 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll
[2012.12.18 11:06:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWOW64\MSFLib.dll
[2013.07.26 05:12:23 | 014,329,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2013.04.20 10:15:36 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2013.04.20 10:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll
[2013.04.20 10:15:37 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2013.04.20 10:15:37 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
[2012.12.18 11:06:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWOW64\MSLUR71.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
[2013.04.20 10:15:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll
[2012.08.23 15:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MsRdpWebAccess.dll
[2012.08.23 10:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll
[2012.11.06 02:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110.dll
[2012.07.09 00:40:10 | 000,501,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110_clr0400.dll
[2012.07.09 00:40:10 | 000,017,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100_clr0400.dll
[2012.11.06 02:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr110.dll
[2012.07.09 00:40:10 | 000,864,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr110_clr0400.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.12.18 11:06:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWOW64\MTTELECHIP.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWOW64\MTXSYNCICON.dll
[2012.12.18 11:06:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWOW64\muzaf1.dll
[2012.12.18 11:06:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWOW64\muzapp.dll
[2012.12.18 11:06:06 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWOW64\muzwmts.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
[2013.08.12 13:14:27 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npdeployJava1.dll
[2013.07.09 06:53:47 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2013.07.09 04:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
[2012.03.01 02:02:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvdecodemft.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\NvFBC.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\NvIFR.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglshim32.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvopencl.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvumdshim.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
[2013.04.20 10:15:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll
[2012.08.07 00:54:27 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWOW64\OpenAL32.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll
[2013.04.20 10:15:36 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qedit.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpendp_winip.dll
[2012.12.18 11:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWOW64\Redemption.dll
[2013.07.09 06:52:33 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll
[2012.11.26 19:20:50 | 000,234,496 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\tsc2_codec32.dll
[2012.11.26 19:20:50 | 000,270,848 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\tsc2_codec64.dll
[2012.11.27 09:52:58 | 000,571,392 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\tsccvid.dll
[2012.11.27 09:52:58 | 000,595,456 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\tsccvid64.dll
[2012.08.23 15:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll
[2013.07.19 03:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll
[2013.04.20 10:15:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2013.07.26 05:13:14 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
[2013.04.20 10:15:36 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2012.11.06 02:20:52 | 000,320,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vcamp110.dll
[2012.11.06 02:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vccorlib110.dll
[2012.11.06 02:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vcomp110.dll
[2013.04.20 10:15:36 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2013.08.12 13:14:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
[2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll
[2013.07.26 05:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.08.23 15:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wksprtPS.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVDECOD.DLL
[2013.07.09 06:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2012.08.06 15:44:14 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWOW64\wrap_oal.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll
[22 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Alt 02.09.2013, 19:56   #15
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Standard

Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


Supi, noch Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 1 von 3 1 23

Themen zu Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da
abgesicherten, backdoor.bot, beachten, java/jacksbot.o, malware.trace, malwarebytes, problem, pup.bitminer, pup.optional.1clickdownload.a, pup.optional.babylon.a, pup.optional.installcore.a, pup.optional.sweetim.a, pup.optional.tarma.a, spyhunter, spyhunter entfernen, trojan.agent.gen, trojan.bcminer, trojan.dropper.sfx, trojan.msil.s, versucht, win32/coinminer.ci


« Firefox öffnet verschiedene seiten in unregelmäsigen abständen. | GVU BKA Trojaner Win 7 startet nicht mehr im abgesicherten Modus »


Ähnliche Themen: Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da


  1. SysWOW64\Update_.exe trotz löschen bei Neustart wieder da und Autorun ebenfalls
    Plagegeister aller Art und deren Bekämpfung - 05.03.2015 (3)
  2. Mailwarebytes hat Trojan.DNSChanger entdeckt, nach Neustart wieder da
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (3)
  3. Mailwarebytes hat Trojan.DNSChanger entdeckt. Kommt nach Neustart immer wieder
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (9)
  4. Trojan:Win32/Obfuscator , wie bekomme ich diesen Trojaner wieder weg?
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (3)
  5. fbdownloader nach PC-Neustart wieder aktiv!
    Plagegeister aller Art und deren Bekämpfung - 26.09.2013 (22)
  6. Softwareupdater.UI.exe möchte sich bei jedem Neustart des Computers installieren
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (13)
  7. Malwarebytes findet "Trojan.Agent" - dieser ist aber nach löschen jedesmal wieder da
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (14)
  8. win32/CoinMiner Virus!
    Log-Analyse und Auswertung - 07.01.2012 (1)
  9. Regelmäßiger plötzlicher Neustart des Computers - Highjack This
    Log-Analyse und Auswertung - 07.01.2011 (67)
  10. XP Prof Datei löschen nach Neustart immerweider da auf dem Desktop
    Log-Analyse und Auswertung - 21.09.2010 (1)
  11. Trojaner gefunden Trojan.PR.Ranky.YU veruscht zu löschen aber kommt immer wieder
    Log-Analyse und Auswertung - 12.04.2010 (39)
  12. Trojaner TR/Agent.375992.B erscheint nach dem löschen wieder.
    Plagegeister aller Art und deren Bekämpfung - 20.02.2009 (5)
  13. Nach jedem Neustart wieder spyware
    Log-Analyse und Auswertung - 27.07.2008 (4)
  14. NOAdware meldet Trojaner.Skintrim kommt nach Neustart immer wieder
    Log-Analyse und Auswertung - 30.08.2007 (1)
  15. Nach jedem Neustart sind sie wieder da !?!
    Log-Analyse und Auswertung - 16.03.2006 (7)
  16. Trojaner verursacht sofortigen Neustart des Computers bei Einwahl ins Internet
    Mülltonne - 02.07.2005 (1)
  17. Trojaner verursacht sofortigen Neustart des Computers bei Einwahl ins Internet
    Log-Analyse und Auswertung - 02.07.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da - Hallo Leute, Wie ihr schon aus der Überschrift herauslesen konntet habe ich ein Problem mit einem Trojaner. Mein Antivirusprogramm "Microsoft Security Essentials" hat diesen erkannt und ich habe ihn entfernen - Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da...
Archiv
Du betrachtest: Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129