
Log analysis and evaluation: Virus: Win64/Patched.A in c:\windows\system32\services.exe

22.07.2014, 08:16   #1
Defendor
 



Hi!

I disabled my antivirus (AVG Free) and by mistake only re-enabled it a few days later (yesterday).
Immediately after re-enabling it, AVG detected the virus.

Since then my antivirus has also been constantly detecting new infected files, such as:

Trojan: Generic36.GFX
Object name: c:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\80000064.@
Process name: c:\Windows\System32\services.exe

or Trojan: Generic35.ATTI

Even when I start, for example, the program "Raidcall" (similar to Teamspeak), AVG tells me that the virus "Luhe.Sirefef.A" is running in the process "\raidcall.exe".

Apart from "services.exe", the infections can be fixed with AVG, but they keep getting reinfected, and every few minutes a new virus alert is shown to me.

Regards
Defendor



Gmer.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-22 08:04:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000077 ST3000DM rev.CC29 2794,52GB
Running: Gmer-19357.exe; Driver: C:\Users\Jinoru\AppData\Local\Temp\kfdiqpog.sys


---- User code sections - GMER 2.1 ----

.reloc   C:\Windows\system32\services.exe [576] section is executable [0x4A8, 0xA0000020]                                                                                                                                                                         0000000100052000
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                     0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\services.exe [576:944]                                                                                                                                                                                                               00000000001a1e58
Thread    [1360:1424]                                                                                                                                                                                                                                             0000000075067587
Thread    [1360:1436]                                                                                                                                                                                                                                             00000000749b79e0
Thread    [1360:1440]                                                                                                                                                                                                                                             0000000074cc4e50
Thread    [1360:1504]                                                                                                                                                                                                                                             0000000074cc4c30
Thread    [1360:1508]                                                                                                                                                                                                                                             0000000074adb470
Thread    [1360:1524]                                                                                                                                                                                                                                             0000000074ae0850
Thread    [1360:1528]                                                                                                                                                                                                                                             0000000074adf810
Thread    [1360:2800]                                                                                                                                                                                                                                             0000000077312e65
Thread    [1360:4052]                                                                                                                                                                                                                                             000000006f1cef8b
Thread    [1360:4036]                                                                                                                                                                                                                                             000000006f1cef8b
Thread    [1360:6712]                                                                                                                                                                                                                                             00000000741c62ee
Thread    [1360:5892]                                                                                                                                                                                                                                             0000000077313e85
Thread    [1360:6124]                                                                                                                                                                                                                                             0000000077313e85
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [1008] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1188] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1312] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1548] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1856] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [2208] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                            000007fefbd20000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2828] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                            00000000741c0000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2932] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                  000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [3564] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)  000007fefbd20000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [3720] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                       000007fefbd20000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\iSafe\ipcdl.exe [4056] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                                     00000000741c0000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5012] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2014-06-05 01:50:31)                               00000000741c0000

---- EOF - GMER 2.1 ----
         

Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Jinoru at 2014-07-22 07:43:16
Running from C:\Users\Jinoru\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
AGEIA PhysX v7.03.21 (HKLM-x32\...\{85EBB283-65AF-4C53-9EBE-7C0A232762F7}) (Version: 7.03.21 - AGEIA Technologies, Inc.)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11109 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826 - Ihr Firmenname) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1109.2211.39826 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CorsixTH 0.30 (HKLM-x32\...\CorsixTH) (Version: 0.30 - CorsixTH Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.6 - Echobit, LLC)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
HydraVision (x32 Version: 4.2.220.0 - Advanced Micro Devices, Inc.) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
Livestreamer 1.8.2 (HKLM-x32\...\Livestreamer) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.222 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.222 - LogMeIn, Inc.) Hidden
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Microsoft .NET Framework 4.5.2 (DEU) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office15.Click2Run) (Version: 15.0.2621.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 15.0.2621.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
PSPdisp v0.6 (HKLM-x32\...\PSPdisp) (Version: v0.6 - JJS)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steamless Half-Life 2 Stand-Alone (HKLM-x32\...\Steamless Half-Life 2 Stand-Alone) (Version: 1.0 - Steamless)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version:  - )
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32\...\VGhlIEVsZGVyIFNjcm9sbHMgViBTa3lyaW0gRHJhZ29uYm9y~2F14EC6B_is1) (Version: 1 - )
Tropico 5 (HKLM-x32\...\Tropico 5_is1) (Version: 1.0 - ENiGMA)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Vegas Pro 11.0 (64-bit) (HKLM\...\{44A79F1E-8DF7-11E1-80E3-F04DA23A5C58}) (Version: 11.0.683 - Sony)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xenonauts (HKLM-x32\...\GOGPACKXENONAUTS_is1) (Version: 2.0.0.5 - GOG.com)
Yet Another Cleaner! (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {78ED405F-7CFC-41B8-93C7-6AE270D17CA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {82330C32-C463-4E71-9BE7-01A85134ECD2} - System32\Tasks\Speedial => C:\Users\Jinoru\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9CD4E5A3-32E7-451F-B9A7-780A950B7BD0} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
Task: {BD57F15A-C6F9-47A0-8BFF-DB2CB91AC60C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-05-09] (IObit)
Task: {E9AD3578-18C0-4A17-9007-30E48B2FE266} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {EB5FE1C0-B0B0-436D-B526-58627F26EEED} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit)
Task: C:\Windows\Tasks\Speedial.job => C:\Users\Jinoru\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-06-05 03:50 - 2014-06-05 03:50 - 00327168 _____ () C:\Windows\system32\mswsock.dll
2014-06-05 03:50 - 2014-06-05 03:50 - 00327168 _____ () C:\Windows\system32\MSWSOCK.dll
2011-11-09 22:09 - 2011-11-09 22:09 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-08-07 10:06 - 2011-08-07 10:06 - 00624128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-08-07 10:06 - 2011-08-07 10:06 - 03641344 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-07-22 05:34 - 2014-07-16 11:34 - 02228896 _____ () C:\Program Files (x86)\iSafe\ipcdl.exe
2014-07-22 05:34 - 2014-07-16 11:34 - 00065696 _____ () C:\Program Files (x86)\iSafe\zlib1.dll
2014-07-22 05:34 - 2014-07-16 11:34 - 00092320 _____ () C:\Program Files (x86)\iSafe\curlpp.dll
2014-07-22 05:34 - 2014-07-16 11:34 - 00427168 _____ () C:\Program Files (x86)\iSafe\ipcproxy.dll
2014-07-22 05:34 - 2014-07-09 14:48 - 00176976 _____ () C:\Program Files (x86)\iSafe\tws\unrar.dll
2014-07-22 05:34 - 2014-07-09 14:48 - 00068432 _____ () C:\Program Files (x86)\iSafe\tws\zlib1.dll
2014-07-22 05:34 - 2014-07-09 14:48 - 00087744 _____ () C:\Program Files (x86)\iSafe\tws\unacev2.dll
2014-07-22 05:34 - 2014-07-16 11:34 - 00185640 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2014-07-22 03:44 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-07-22 03:44 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-07-22 03:44 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-07-22 03:44 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-07-22 03:44 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-07-22 03:44 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-07-22 03:44 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-06-18 10:10 - 2014-06-18 10:10 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-14 18:01 - 2014-07-14 18:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2013-03-05 16:30 - 2013-03-05 16:30 - 00090112 _____ () C:\Program Files (x86)\RaidCall\crashreport.dll
2014-05-27 16:46 - 2014-05-27 16:46 - 00221184 _____ () C:\Program Files (x86)\RaidCall\skin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Jinoru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPdisp.lnk => C:\Windows\pss\PSPdisp.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jinoru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk => C:\Windows\pss\Wecker für Windows 6.lnk.Startup
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: EvolveClient => C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 07:43:17 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/22/2014 07:43:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/22/2014 07:01:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 05:39:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Files (x86)\IObit\Driver Booster\DriverBooster.exe"; Beschreibung = Driver Booster : AMD High Definition Audio Device; Fehler = 0x80042302).

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2014 05:26:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 04:15:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 03:40:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/22/2014 07:02:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UrlFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1753

Error: (07/22/2014 07:01:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (07/22/2014 07:01:29 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (07/22/2014 07:01:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/22/2014 07:01:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/22/2014 07:01:24 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/22/2014 07:01:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (07/22/2014 07:01:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/22/2014 05:42:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (07/22/2014 05:42:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (07/22/2014 07:43:17 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/22/2014 07:43:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/22/2014 07:01:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 05:39:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Files (x86)\IObit\Driver Booster\DriverBooster.exe"Driver Booster : AMD High Definition Audio Device0x80042302

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2014 05:39:15 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2014 05:26:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 04:15:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 03:40:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 07:00:56.957
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 07:00:56.926
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 05:25:33.631
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 05:25:33.600
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 04:14:26.240
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 04:14:26.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 03:39:26.678
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 03:39:26.647
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 02:59:30.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 02:59:30.547
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\pspdisp_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 8138.44 MB
Available physical RAM: 5047.89 MB
Total Pagefile: 16275.05 MB
Available Pagefile: 12935.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2047.9 GB) (Free:1792.38 GB) NTFS
Drive f: () (Fixed) (Total:931.06 GB) (Free:173.08 GB) FAT32
Drive h: () (Removable) (Total:3.73 GB) (Free:1 GB) FAT32
Drive q: (App Virt) (Fixed) (Total:6 GB) (Free:6 GB) App Virt AppFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 03BD3C37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-105906176) - (Type=07 NTFS)

==================== End Of Log ============================
         

defogger_disable.txt:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:41 on 22/07/2014 (Jinoru)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Jinoru (administrator) on JINORU-PC on 22-07-2014 07:42:37
Running from C:\Users\Jinoru\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\iSafe\ipcdl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(RAIDCALL.COM) C:\Program Files (x86)\RaidCall\raidcall.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-578131232-4241386587-3927081175-1000\...\MountPoints2: {dbee3c66-eb46-11e3-8fe8-806e6f6e6963} - D:\.\Bin\ASSETUP.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93B16629587FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()

FireFox:
========
FF ProfilePath: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default
FF NewTab: google.at
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Jinoru\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\user.js
FF SearchPlugin: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\adremoveext@adremoveext.net [2014-07-22]
FF Extension: DownloadHelper - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-15]
FF Extension: Adblock Plus - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-07-07] ()
R2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1132032 2011-02-24] (Microsoft Corporation) [File not signed]
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-21] (Echobit LLC)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-07-16] (Elex do Brasil Participações Ltda)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-14] (LogMeIn, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-03] (Echobit, LLC)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-07-16] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45248 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-07-09] (Elex do Brasil Participações Ltda)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (hxxp://libusb-win32.sourceforge.net)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [File not signed]
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [760168 2011-02-23] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-02-23] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-02-23] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-02-23] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 07:42 - 2014-07-22 07:42 - 00015644 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 07:42 - 2014-07-22 07:42 - 00000000 ____D () C:\FRST
2014-07-22 07:41 - 2014-07-22 07:42 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 07:01 - 2014-07-22 07:01 - 00000344 _____ () C:\Windows\PFRO.log
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:39 - 2014-07-22 07:01 - 00000374 _____ () C:\Windows\setupact.log
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:34 - 2014-07-22 07:07 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-22 05:34 - 2014-07-22 05:34 - 00001780 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-22 05:34 - 2014-07-16 11:39 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-22 05:33 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 03:44 - 2014-07-22 03:44 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-07-22 03:44 - 2014-07-22 03:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-07-22 03:42 - 2014-07-22 03:43 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:35 - 2009-07-13 18:39 - 00328704 _____ (Microsoft Corporation) C:\Users\Jinoru\Downloads\services.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:31 - 2014-07-21 09:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:31 - 2014-07-21 09:42 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:30 - 2014-07-21 09:31 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:59 - 2014-07-22 06:54 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-21 08:58 - 2014-07-21 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 08:00 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-07-21 07:59 - 2014-07-21 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-21 07:59 - 2014-07-21 07:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 05:33 - 2014-07-21 06:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 04:55 - 2014-07-21 04:56 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 03:43 - 2014-07-19 03:52 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 16:23 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-16 16:23 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-16 16:23 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 17:44 - 2014-07-17 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 16:49 - 2014-07-07 18:02 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 16:49 - 2014-07-07 17:43 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:49 - 2014-07-07 16:50 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:30 - 2014-07-07 14:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 21:12 - 2014-07-08 14:58 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 19:59 - 2014-07-06 20:09 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-05 15:47 - 2014-07-22 07:03 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:10 - 2011-12-07 19:42 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-04 15:09 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 20:23 - 2014-07-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-03 17:53 - 2014-07-03 17:54 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-03 17:53 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-06-30 19:18 - 2014-06-30 19:24 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-30 12:15 - 2014-06-30 12:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-27 16:52 - 2014-06-28 12:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 10:58 - 2014-07-22 05:28 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2014-07-22 07:42 - 2014-07-22 07:42 - 00015644 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 07:42 - 2014-07-22 07:42 - 00000000 ____D () C:\FRST
2014-07-22 07:42 - 2014-07-22 07:41 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:41 - 2014-06-03 19:52 - 00000000 ____D () C:\Users\Jinoru
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:29 - 2014-06-07 05:15 - 00000000 ____D () C:\Netzwrk
2014-07-22 07:08 - 2014-06-03 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-22 07:08 - 2014-06-03 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-22 07:08 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 07:08 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 07:07 - 2014-07-22 05:34 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 07:05 - 2011-04-12 09:43 - 00699230 _____ () C:\Windows\system32\perfh007.dat
2014-07-22 07:05 - 2011-04-12 09:43 - 00149112 _____ () C:\Windows\system32\perfc007.dat
2014-07-22 07:05 - 2009-07-14 07:13 - 01619832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 07:04 - 2014-06-03 19:51 - 01876137 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 07:03 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-22 07:01 - 2014-07-22 07:01 - 00000344 _____ () C:\Windows\PFRO.log
2014-07-22 07:01 - 2014-07-22 05:39 - 00000374 _____ () C:\Windows\setupact.log
2014-07-22 07:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 06:58 - 2014-06-05 16:40 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 06:54 - 2014-07-21 08:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-22 06:52 - 2014-06-20 10:52 - 00000296 _____ () C:\Windows\Tasks\Speedial.job
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:41 - 2014-06-03 20:02 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:40 - 2014-06-03 19:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 05:34 - 2014-07-22 05:34 - 00001780 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-22 05:34 - 2014-07-22 05:33 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:28 - 2014-06-23 10:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 05:28 - 2014-06-19 13:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-22 05:28 - 2014-06-05 16:40 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TS3Client
2014-07-22 05:28 - 2012-05-09 12:46 - 00000000 ____D () C:\Windows\Panther
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 04:08 - 2014-06-03 22:07 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Avg2014
2014-07-22 03:58 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-22 03:44 - 2014-07-22 03:44 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-07-22 03:44 - 2014-07-22 03:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-07-22 03:43 - 2014-07-22 03:42 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-22 01:58 - 2014-06-04 17:13 - 00000000 ____D () C:\Users\Jinoru\Desktop\GAMES
2014-07-21 18:14 - 2014-06-03 22:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-21 10:24 - 2014-06-03 21:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Battle.net
2014-07-21 09:52 - 2014-06-04 17:13 - 00000000 ___RD () C:\Users\Jinoru\Desktop\Programme
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:49 - 2014-07-21 09:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:42 - 2014-07-21 09:31 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:31 - 2014-07-21 09:30 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:14 - 2014-07-21 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 07:59 - 2014-07-21 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-21 07:59 - 2014-07-21 07:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:07 - 2014-07-21 05:33 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 06:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 05:33 - 2014-06-03 19:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-21 04:56 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:52 - 2014-07-19 03:43 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 00:53 - 2014-06-20 11:52 - 00000094 _____ () C:\Users\Jinoru\AppData\Roaming\WB.CFG
2014-07-17 18:17 - 2014-07-07 17:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 11:39 - 2014-07-22 05:34 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-14 15:29 - 2014-06-15 02:19 - 00000000 ____D () C:\Users\Jinoru\dwhelper
2014-07-11 03:02 - 2014-07-16 16:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-16 16:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 10:26 - 2014-06-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-09 11:18 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-08 14:58 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-07 18:02 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 17:43 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:50 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:31 - 2014-07-07 14:30 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 23:19 - 2014-06-20 13:52 - 01645874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-06 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 20:09 - 2014-07-06 19:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-05 21:40 - 2014-06-17 11:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Diablo III
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-03 21:00 - 2014-06-03 20:15 - 00058336 _____ () C:\Users\Jinoru\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 20:53 - 2014-07-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 19:17 - 2009-07-14 06:45 - 00267704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:54 - 2014-07-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-01 16:49 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-30 20:15 - 2014-06-14 13:34 - 00000000 ____D () C:\Users\Jinoru\Documents\StarCraft II
2014-06-30 19:24 - 2014-06-30 19:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:18 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-28 12:23 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 23:25 - 2014-06-04 21:49 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 11:07 - 2014-06-03 20:21 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-06-23 10:57 - 2014-06-03 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

ZeroAccess:
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\@
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\00000004.@
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\00000008.@
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\000000cb.@
C:\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 23:50

==================== End Of Log ============================
         

22.07.2014, 08:29   #2
deeprybka
/// TB Trainer
/// Guide Guru

Hi,
uninstall IObit Malware Fighter and
change the passwords for sensitive logins from another (clean) PC.

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


22.07.2014, 12:53   #3
Defendor

Thanks for the quick reply, deeprybka!

I started combofix, and after the program completed 50 stages and deleted a few files, it has been running for about two hours with no further changes.
Could it be that the program needs this much time to finish the scan?

IObit is uninstalled and there was no error message from combofix. I am also writing from another computer now so as not to disturb combofix.

22.07.2014, 13:03   #4
deeprybka
/// TB Trainer
/// Guide Guru

Quote:
Could it be that the program needs this much time
Hi, well, that always depends on the severity of the infection. So if you have the impression that it has somehow "got stuck", then abort the whole thing. But I would simply wait a bit longer.

In case nothing really moves forward anymore, the next step is as follows:

Step 1

Please start FRST again and press Scan.
Please post the contents of the log.
Regards,
deeprybka


22.07.2014, 13:55   #5
Defendor

Hi, I let combofix run for another hour and a half, but everything was still unchanged.
I then closed the program, restarted the PC and scanned with FRST.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Jinoru (administrator) on JINORU-PC on 22-07-2014 14:42:43
Running from C:\Users\Jinoru\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93B16629587FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()

FireFox:
========
FF ProfilePath: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default
FF NewTab: google.at
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Jinoru\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\user.js
FF SearchPlugin: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\adremoveext@adremoveext.net [2014-07-22]
FF Extension: DownloadHelper - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-15]
FF Extension: Adblock Plus - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-07-07] ()
R2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1132032 2011-02-24] (Microsoft Corporation) [File not signed]
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-21] (Echobit LLC)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-03] (Echobit, LLC)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (hxxp://libusb-win32.sourceforge.net)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [760168 2011-02-23] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-02-23] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-02-23] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-02-23] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 10:36 - 2014-07-22 10:44 - 00000000 ___SD () C:\ComboFix
2014-07-22 10:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 10:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 10:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 10:34 - 2014-07-22 10:35 - 00520736 _____ () C:\Windows\Minidump\072214-76877-01.dmp
2014-07-22 10:34 - 2014-07-22 10:34 - 810886948 _____ () C:\Windows\MEMORY.DMP
2014-07-22 10:21 - 2014-07-22 10:36 - 00000000 ____D () C:\Qoobox
2014-07-22 10:21 - 2014-07-22 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 09:48 - 2014-07-22 09:48 - 05562504 ____R (Swearware) C:\Users\Jinoru\Desktop\ComboFix.exe
2014-07-22 08:12 - 2014-07-22 07:43 - 00066023 _____ () C:\Users\Jinoru\Desktop\FRST.txt
2014-07-22 08:12 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Desktop\Addition.txt
2014-07-22 08:12 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Desktop\defogger_disable.log
2014-07-22 08:04 - 2014-07-22 08:04 - 00008705 _____ () C:\Users\Jinoru\Desktop\Gmer.txt
2014-07-22 07:45 - 2014-07-22 07:45 - 00380416 _____ () C:\Users\Jinoru\Downloads\Gmer-19357.exe
2014-07-22 07:43 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Downloads\Addition.txt
2014-07-22 07:42 - 2014-07-22 14:42 - 00013118 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 07:42 - 2014-07-22 14:42 - 00000000 ____D () C:\FRST
2014-07-22 07:41 - 2014-07-22 07:42 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 07:01 - 2014-07-22 14:33 - 00001210 _____ () C:\Windows\PFRO.log
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:39 - 2014-07-22 14:33 - 00001046 _____ () C:\Windows\setupact.log
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:34 - 2014-07-16 11:39 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-22 05:33 - 2014-07-22 10:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 03:42 - 2014-07-22 03:43 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:35 - 2009-07-13 18:39 - 00328704 _____ (Microsoft Corporation) C:\Users\Jinoru\Downloads\services.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:31 - 2014-07-21 09:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:31 - 2014-07-21 09:42 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:30 - 2014-07-21 09:31 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:59 - 2014-07-22 06:54 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-21 08:58 - 2014-07-21 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 08:00 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 05:33 - 2014-07-21 06:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 04:55 - 2014-07-21 04:56 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 03:43 - 2014-07-22 09:24 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 16:23 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-16 16:23 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-16 16:23 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 17:44 - 2014-07-17 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 16:49 - 2014-07-07 18:02 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 16:49 - 2014-07-07 17:43 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:49 - 2014-07-07 16:50 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:30 - 2014-07-07 14:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 21:12 - 2014-07-08 14:58 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 19:59 - 2014-07-06 20:09 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-05 15:47 - 2014-07-22 14:37 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:10 - 2011-12-07 19:42 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-04 15:09 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 20:23 - 2014-07-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-03 17:53 - 2014-07-03 17:54 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-03 17:53 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-06-30 19:18 - 2014-06-30 19:24 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-30 12:15 - 2014-06-30 12:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-27 16:52 - 2014-06-28 12:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 10:58 - 2014-07-22 10:34 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2014-07-22 14:42 - 2014-07-22 07:42 - 00013118 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 14:42 - 2014-07-22 07:42 - 00000000 ____D () C:\FRST
2014-07-22 14:40 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 14:40 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 14:37 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-22 14:37 - 2011-04-12 09:43 - 00699230 _____ () C:\Windows\system32\perfh007.dat
2014-07-22 14:37 - 2011-04-12 09:43 - 00149112 _____ () C:\Windows\system32\perfc007.dat
2014-07-22 14:37 - 2009-07-14 07:13 - 01619832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 07:01 - 00001210 _____ () C:\Windows\PFRO.log
2014-07-22 14:33 - 2014-07-22 05:39 - 00001046 _____ () C:\Windows\setupact.log
2014-07-22 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 14:31 - 2014-06-03 19:51 - 01924088 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 13:52 - 2014-06-20 10:52 - 00000296 _____ () C:\Windows\Tasks\Speedial.job
2014-07-22 10:44 - 2014-07-22 10:36 - 00000000 ___SD () C:\ComboFix
2014-07-22 10:36 - 2014-07-22 10:21 - 00000000 ____D () C:\Qoobox
2014-07-22 10:35 - 2014-07-22 10:34 - 00520736 _____ () C:\Windows\Minidump\072214-76877-01.dmp
2014-07-22 10:35 - 2009-07-14 07:08 - 00011466 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 10:34 - 2014-07-22 10:34 - 810886948 _____ () C:\Windows\MEMORY.DMP
2014-07-22 10:34 - 2014-06-23 10:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 10:22 - 2014-07-22 10:21 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:21 - 2014-06-07 05:15 - 00000000 ____D () C:\Netzwrk
2014-07-22 10:12 - 2014-07-22 05:33 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 09:48 - 2014-07-22 09:48 - 05562504 ____R (Swearware) C:\Users\Jinoru\Desktop\ComboFix.exe
2014-07-22 09:24 - 2014-07-19 03:43 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-22 08:26 - 2014-06-03 22:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-22 08:04 - 2014-07-22 08:04 - 00008705 _____ () C:\Users\Jinoru\Desktop\Gmer.txt
2014-07-22 07:45 - 2014-07-22 07:45 - 00380416 _____ () C:\Users\Jinoru\Downloads\Gmer-19357.exe
2014-07-22 07:43 - 2014-07-22 08:12 - 00066023 _____ () C:\Users\Jinoru\Desktop\FRST.txt
2014-07-22 07:43 - 2014-07-22 08:12 - 00034093 _____ () C:\Users\Jinoru\Desktop\Addition.txt
2014-07-22 07:43 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Downloads\Addition.txt
2014-07-22 07:42 - 2014-07-22 07:41 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 08:12 - 00000474 _____ () C:\Users\Jinoru\Desktop\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:41 - 2014-06-03 19:52 - 00000000 ____D () C:\Users\Jinoru
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:08 - 2014-06-03 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-22 07:08 - 2014-06-03 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 06:58 - 2014-06-05 16:40 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 06:54 - 2014-07-21 08:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:41 - 2014-06-03 20:02 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:40 - 2014-06-03 19:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:28 - 2014-06-19 13:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-22 05:28 - 2014-06-05 16:40 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TS3Client
2014-07-22 05:28 - 2012-05-09 12:46 - 00000000 ____D () C:\Windows\Panther
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 04:08 - 2014-06-03 22:07 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Avg2014
2014-07-22 03:58 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-22 03:43 - 2014-07-22 03:42 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-22 01:58 - 2014-06-04 17:13 - 00000000 ____D () C:\Users\Jinoru\Desktop\GAMES
2014-07-21 10:24 - 2014-06-03 21:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Battle.net
2014-07-21 09:52 - 2014-06-04 17:13 - 00000000 ___RD () C:\Users\Jinoru\Desktop\Programme
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:49 - 2014-07-21 09:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:42 - 2014-07-21 09:31 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:31 - 2014-07-21 09:30 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:14 - 2014-07-21 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:07 - 2014-07-21 05:33 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 06:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 05:33 - 2014-06-03 19:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-21 04:56 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 00:53 - 2014-06-20 11:52 - 00000094 _____ () C:\Users\Jinoru\AppData\Roaming\WB.CFG
2014-07-17 18:17 - 2014-07-07 17:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 11:39 - 2014-07-22 05:34 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-14 15:29 - 2014-06-15 02:19 - 00000000 ____D () C:\Users\Jinoru\dwhelper
2014-07-11 03:02 - 2014-07-16 16:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-16 16:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 10:26 - 2014-06-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-09 11:18 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-08 14:58 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-07 18:02 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 17:43 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:50 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:31 - 2014-07-07 14:30 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 23:19 - 2014-06-20 13:52 - 01645874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-06 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 20:09 - 2014-07-06 19:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-05 21:40 - 2014-06-17 11:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Diablo III
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-03 21:00 - 2014-06-03 20:15 - 00058336 _____ () C:\Users\Jinoru\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 20:53 - 2014-07-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 19:17 - 2009-07-14 06:45 - 00267704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:54 - 2014-07-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-01 16:49 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-30 20:15 - 2014-06-14 13:34 - 00000000 ____D () C:\Users\Jinoru\Documents\StarCraft II
2014-06-30 19:24 - 2014-06-30 19:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:18 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-28 12:23 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 23:25 - 2014-06-04 21:49 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 11:07 - 2014-06-03 20:21 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-06-23 10:57 - 2014-06-03 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 23:50

==================== End Of Log ============================
         
--- --- ---



Regards
Defendor


22.07.2014, 14:50   #6
deeprybka
/// TB Trainer
/// Tutorial Guru
 



Hi, but Combofix has already been at work...

Please carry out the following instructions exactly:

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
ATTFilter
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Reboot:
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents.

Note: The PC will be restarted.

Now post the Fixlog.

Then:

Step 2

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
ATTFilter
cmd: netsh winsock reset
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents.

After the next reboot:

Step 3

Please start FRST again and press Scan.
Please post the contents of the log.

Now please post the Fixlog from Step 2 and the FRST.txt from Step 3.

22.07.2014, 16:47   #7
Defendor
 



Great, so I didn't wait in vain

Here is the Fixlog.txt from Step 1:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Jinoru at 2014-07-22 17:12:57 Run:1
Running from C:\Users\Jinoru\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Speedial
FF Homepage: hxxp://speedial.com/?f=1&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyEzyzztD0E0F0A0A0BtN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0BtCyBtC0ByByCtG0E0A0AzztG0A0FtDyCtG0B0AtBzytGtB0DtC0F0Ezy0DyEzyzy0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0ByEyD0F0C0FtGzzzz0DzytGtB0DyDyEtGyDyCtCtBtGtC0C0FyDtCyBtC0DtAtAyEzy2Q&cr=282083095&ir=

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Reboot:
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll


The system needed a reboot. 

==== End of Fixlog ====
         

Fixlog.txt from Step 2:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Jinoru at 2014-07-22 17:49:31 Run:3
Running from C:\Users\Jinoru\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: netsh winsock reset
*****************


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========


==== End of Fixlog ====
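
Added example, not part of the original thread and not FRST's own code: a small Python triage of a Fixlog like the Step 1 log posted above, separating fixed, already-absent and unhandled entries so a helper can see at a glance what still needs attention. The status names, and the rule that a bare label line such as `ZeroAccess:` counts as covered when the very next line was fixed, are assumptions of this sketch; the sample log is constructed from lines in the post.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "status target detail")

# Constructed sample: abridged from the Step 1 Fixlog in the post above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Jinoru at 2014-07-22 17:12:57 Run:1
==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: Speedial
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Reboot:
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

The system needed a reboot.

==== End of Fixlog ====
"""

# Result phrases as they appear in the posted Fixlog; the status names are this example's own.
RULES = [
    (re.compile(r"^(?P<target>.+?)\s*=>\s*Error: (?P<detail>.+)$"), "unhandled"),
    (re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<detail>Key not found\.)$"), "absent"),
    (re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<detail>.*successfully\.)$"), "fixed"),
    (re.compile(r"^(?P<target>.+?)\s+(?P<detail>was set successfully to .+)$"), "fixed"),
    (re.compile(r"^(?P<target>.+?)\s+(?P<detail>deleted successfully\.)$"), "fixed"),
]


def result_lines(text):
    """Yield result lines only: skip the header and the fixlist echoed between the two rows of asterisks."""
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1
            continue
        if star_rows < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        yield line


def classify(line):
    """Map one result line to an Entry; lines matching no rule are kept as informational notes."""
    for pattern, status in RULES:
        match = pattern.match(line)
        if match:
            return Entry(status, match.group("target").strip("'"), match.group("detail"))
    return Entry("note", line, "")


def triage(text):
    """Classify every result line, then downgrade bare label lines that precede a fixed entry."""
    entries = [classify(line) for line in result_lines(text)]
    for i, entry in enumerate(entries[:-1]):
        bare_label = entry.target.endswith(":") and " " not in entry.target
        # Assumption of this example: a heading such as "ZeroAccess:" pasted into the
        # fixlist is not a failed fix if the path listed under it was handled.
        if entry.status == "unhandled" and bare_label and entries[i + 1].status == "fixed":
            entries[i] = entry._replace(status="label")
    return entries


def needs_followup(text):
    """Return the entries that the fix run reported as errors and nothing else covered."""
    return [entry for entry in triage(text) if entry.status == "unhandled"]


if __name__ == "__main__":
    for entry in triage(SAMPLE_FIXLOG):
        print(f"{entry.status:9} {entry.target}")
    print("follow-up needed:", len(needs_followup(SAMPLE_FIXLOG)))
```

An empty follow-up list only means the tool reported no unresolved errors; the fresh FRST scan requested in Step 3 is still what confirms the entries are gone.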
         

22.07.2014, 16:50   #8
deeprybka
/// TB Trainer
/// Tutorial Guru
 



That was already the right one...

And now the FRST.txt as well
__________________
Regards
deeprybka


22.07.2014, 16:56   #9
Defendor
 




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Jinoru (administrator) on JINORU-PC on 22-07-2014 17:53:45
Running from C:\Users\Jinoru\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93B16629587FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default
FF NewTab: google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Jinoru\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\user.js
FF SearchPlugin: C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\adremoveext@adremoveext.net [2014-07-22]
FF Extension: DownloadHelper - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-15]
FF Extension: Adblock Plus - C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-07-07] ()
R2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1132032 2011-02-24] (Microsoft Corporation) [File not signed]
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-21] (Echobit LLC)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-03] (Echobit, LLC)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (hxxp://libusb-win32.sourceforge.net)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [760168 2011-02-23] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-02-23] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-02-23] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-02-23] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 17:53 - 2014-07-22 17:53 - 00009413 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 14:57 - 2014-07-22 14:57 - 00064819 _____ () C:\Users\Jinoru\Desktop\FRST2.txt
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 10:36 - 2014-07-22 10:44 - 00000000 ___SD () C:\ComboFix
2014-07-22 10:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 10:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 10:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 10:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 10:34 - 2014-07-22 10:35 - 00520736 _____ () C:\Windows\Minidump\072214-76877-01.dmp
2014-07-22 10:34 - 2014-07-22 10:34 - 810886948 _____ () C:\Windows\MEMORY.DMP
2014-07-22 10:21 - 2014-07-22 10:36 - 00000000 ____D () C:\Qoobox
2014-07-22 10:21 - 2014-07-22 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 09:48 - 2014-07-22 09:48 - 05562504 ____R (Swearware) C:\Users\Jinoru\Desktop\ComboFix.exe
2014-07-22 08:12 - 2014-07-22 07:43 - 00066023 _____ () C:\Users\Jinoru\Desktop\FRST.txt
2014-07-22 08:12 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Desktop\Addition.txt
2014-07-22 08:12 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Desktop\defogger_disable.log
2014-07-22 08:04 - 2014-07-22 08:04 - 00008705 _____ () C:\Users\Jinoru\Desktop\Gmer.txt
2014-07-22 07:45 - 2014-07-22 07:45 - 00380416 _____ () C:\Users\Jinoru\Downloads\Gmer-19357.exe
2014-07-22 07:43 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Downloads\Addition.txt
2014-07-22 07:42 - 2014-07-22 17:53 - 00000000 ____D () C:\FRST
2014-07-22 07:41 - 2014-07-22 07:42 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 07:01 - 2014-07-22 14:33 - 00001210 _____ () C:\Windows\PFRO.log
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:39 - 2014-07-22 17:52 - 00001270 _____ () C:\Windows\setupact.log
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:34 - 2014-07-16 11:39 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-22 05:33 - 2014-07-22 10:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 03:44 - 2014-07-22 05:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 03:42 - 2014-07-22 03:43 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:35 - 2009-07-13 18:39 - 00328704 _____ (Microsoft Corporation) C:\Users\Jinoru\Downloads\services.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:31 - 2014-07-21 09:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:31 - 2014-07-21 09:42 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:30 - 2014-07-21 09:31 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:59 - 2014-07-22 06:54 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-21 08:58 - 2014-07-21 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 08:00 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 05:33 - 2014-07-21 06:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 04:55 - 2014-07-21 04:56 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 03:43 - 2014-07-22 09:24 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 16:23 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-16 16:23 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-16 16:23 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 17:44 - 2014-07-17 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 16:49 - 2014-07-07 18:02 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 16:49 - 2014-07-07 17:43 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:49 - 2014-07-07 16:50 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:30 - 2014-07-07 14:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 21:12 - 2014-07-08 14:58 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 19:59 - 2014-07-06 20:09 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-05 15:47 - 2014-07-22 17:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:10 - 2011-12-07 19:42 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-07-04 15:10 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-04 15:09 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 20:23 - 2014-07-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-03 17:53 - 2014-07-06 17:32 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-03 17:53 - 2014-07-03 17:54 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-03 17:53 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-06-30 19:18 - 2014-06-30 19:24 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-30 12:15 - 2014-06-30 12:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:15 - 2014-06-30 12:17 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-27 16:52 - 2014-06-28 12:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 10:58 - 2014-07-22 10:34 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2014-07-22 17:54 - 2014-07-22 17:53 - 00009413 _____ () C:\Users\Jinoru\Downloads\FRST.txt
2014-07-22 17:53 - 2014-07-22 07:42 - 00000000 ____D () C:\FRST
2014-07-22 17:52 - 2014-07-22 05:39 - 00001270 _____ () C:\Windows\setupact.log
2014-07-22 17:52 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn Hamachi
2014-07-22 17:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 17:50 - 2014-06-03 19:51 - 01928843 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 17:22 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 17:22 - 2009-07-14 06:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 17:19 - 2011-04-12 09:43 - 00699230 _____ () C:\Windows\system32\perfh007.dat
2014-07-22 17:19 - 2011-04-12 09:43 - 00149112 _____ () C:\Windows\system32\perfc007.dat
2014-07-22 17:19 - 2009-07-14 07:13 - 01619832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 17:12 - 2014-06-07 05:15 - 00000000 ____D () C:\Netzwrk
2014-07-22 16:52 - 2014-06-20 10:52 - 00000296 _____ () C:\Windows\Tasks\Speedial.job
2014-07-22 14:57 - 2014-07-22 14:57 - 00064819 _____ () C:\Users\Jinoru\Desktop\FRST2.txt
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 14:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 14:33 - 2014-07-22 07:01 - 00001210 _____ () C:\Windows\PFRO.log
2014-07-22 10:44 - 2014-07-22 10:36 - 00000000 ___SD () C:\ComboFix
2014-07-22 10:36 - 2014-07-22 10:21 - 00000000 ____D () C:\Qoobox
2014-07-22 10:35 - 2014-07-22 10:34 - 00520736 _____ () C:\Windows\Minidump\072214-76877-01.dmp
2014-07-22 10:35 - 2009-07-14 07:08 - 00011970 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 10:34 - 2014-07-22 10:34 - 810886948 _____ () C:\Windows\MEMORY.DMP
2014-07-22 10:34 - 2014-06-23 10:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 10:22 - 2014-07-22 10:21 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:12 - 2014-07-22 05:33 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\iSafe
2014-07-22 09:48 - 2014-07-22 09:48 - 05562504 ____R (Swearware) C:\Users\Jinoru\Desktop\ComboFix.exe
2014-07-22 09:24 - 2014-07-19 03:43 - 00000000 ____D () C:\Program Files (x86)\Age of Mythology Extended Edition
2014-07-22 08:26 - 2014-06-03 22:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-22 08:04 - 2014-07-22 08:04 - 00008705 _____ () C:\Users\Jinoru\Desktop\Gmer.txt
2014-07-22 07:45 - 2014-07-22 07:45 - 00380416 _____ () C:\Users\Jinoru\Downloads\Gmer-19357.exe
2014-07-22 07:43 - 2014-07-22 08:12 - 00066023 _____ () C:\Users\Jinoru\Desktop\FRST.txt
2014-07-22 07:43 - 2014-07-22 08:12 - 00034093 _____ () C:\Users\Jinoru\Desktop\Addition.txt
2014-07-22 07:43 - 2014-07-22 07:43 - 00034093 _____ () C:\Users\Jinoru\Downloads\Addition.txt
2014-07-22 07:42 - 2014-07-22 07:41 - 02090496 _____ (Farbar) C:\Users\Jinoru\Downloads\FRST64.exe
2014-07-22 07:41 - 2014-07-22 08:12 - 00000474 _____ () C:\Users\Jinoru\Desktop\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000474 _____ () C:\Users\Jinoru\Downloads\defogger_disable.log
2014-07-22 07:41 - 2014-07-22 07:41 - 00000000 _____ () C:\Users\Jinoru\defogger_reenable
2014-07-22 07:41 - 2014-06-03 19:52 - 00000000 ____D () C:\Users\Jinoru
2014-07-22 07:40 - 2014-07-22 07:40 - 00050477 _____ () C:\Users\Jinoru\Downloads\Defogger.exe
2014-07-22 07:08 - 2014-06-03 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-22 07:08 - 2014-06-03 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieUserList
2014-07-22 07:06 - 2014-07-22 07:06 - 00000000 __SHD () C:\Users\Jinoru\AppData\Local\EmieSiteList
2014-07-22 06:58 - 2014-06-05 16:40 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 06:54 - 2014-07-21 08:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\vlc
2014-07-22 06:01 - 2014-07-22 06:01 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-22 05:41 - 2014-07-22 05:41 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-22 05:41 - 2014-07-22 05:41 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-22 05:41 - 2014-06-03 20:02 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-07-22 05:40 - 2014-07-22 05:40 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-07-22 05:40 - 2014-07-22 05:40 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-07-22 05:40 - 2014-07-22 05:40 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-07-22 05:40 - 2014-07-22 05:40 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-22 05:40 - 2014-07-22 05:40 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-07-22 05:40 - 2014-06-03 19:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-07-22 05:39 - 2014-07-22 05:39 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-07-22 05:39 - 2014-07-22 05:39 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-07-22 05:39 - 2014-07-22 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 05:38 - 2014-07-22 05:38 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-07-22 05:38 - 2014-07-22 05:38 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-22 05:38 - 2014-07-22 05:38 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-07-22 05:38 - 2014-07-22 05:38 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-07-22 05:38 - 2014-07-22 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\ProgramData\IObit
2014-07-22 05:38 - 2014-07-22 03:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Windows\system32\log
2014-07-22 05:34 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\eCyber
2014-07-22 05:33 - 2014-07-22 05:33 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\Jinoru\Downloads\yet_another_cleaner_sk.exe
2014-07-22 05:28 - 2014-06-19 13:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-22 05:28 - 2014-06-05 16:40 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TS3Client
2014-07-22 05:28 - 2012-05-09 12:46 - 00000000 ____D () C:\Windows\Panther
2014-07-22 05:22 - 2014-07-22 05:22 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-22 05:22 - 2014-07-22 05:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-22 05:22 - 2014-07-22 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 05:21 - 2014-07-22 05:21 - 03736040 _____ (Piriform Ltd) C:\Users\Jinoru\Downloads\ccsetup415_slim.exe
2014-07-22 04:08 - 2014-06-03 22:07 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Avg2014
2014-07-22 03:58 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-22 03:43 - 2014-07-22 03:42 - 26163624 _____ (IObit ) C:\Users\Jinoru\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-07-22 03:42 - 2014-07-22 03:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe
2014-07-22 03:25 - 2014-07-22 03:25 - 00158058 _____ () C:\Users\Jinoru\Downloads\services64.zip
2014-07-22 01:58 - 2014-06-04 17:13 - 00000000 ____D () C:\Users\Jinoru\Desktop\GAMES
2014-07-21 10:24 - 2014-06-03 21:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Battle.net
2014-07-21 09:52 - 2014-06-04 17:13 - 00000000 ___RD () C:\Users\Jinoru\Desktop\Programme
2014-07-21 09:50 - 2014-07-21 09:50 - 00042003 _____ () C:\Users\Jinoru\Downloads\TwitchTV App.zip
2014-07-21 09:49 - 2014-07-21 09:31 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\livestreamer
2014-07-21 09:42 - 2014-07-21 09:31 - 00000000 ____D () C:\Program Files (x86)\Livestreamer
2014-07-21 09:31 - 2014-07-21 09:30 - 04071155 _____ () C:\Users\Jinoru\Downloads\livestreamer-v1.8.2-win32-setup.exe
2014-07-21 09:14 - 2014-07-21 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 09:13 - 2014-07-21 09:13 - 24677393 _____ () C:\Users\Jinoru\Downloads\vlc-2.1.3-win32.exe
2014-07-21 08:57 - 2014-07-21 08:57 - 19985265 _____ () C:\Users\Jinoru\Downloads\vlc-1.1.5-win32.exe
2014-07-21 08:05 - 2014-07-21 08:05 - 00000000 ____D () C:\Windows\pss
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\Documents\Rockstar Games
2014-07-21 06:46 - 2014-07-21 06:46 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Chromium
2014-07-21 06:07 - 2014-07-21 05:33 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-21 06:01 - 2014-07-21 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-21 06:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 05:33 - 2014-07-21 05:33 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-07-21 05:33 - 2014-06-03 19:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-21 04:56 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
2014-07-21 04:55 - 2014-07-21 04:55 - 00000000 ____D () C:\Program Files\CorsixTH
2014-07-19 03:46 - 2014-07-19 03:46 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2014-07-19 00:53 - 2014-06-20 11:52 - 00000094 _____ () C:\Users\Jinoru\AppData\Roaming\WB.CFG
2014-07-17 18:17 - 2014-07-07 17:44 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2 OA
2014-07-16 16:23 - 2014-07-16 16:23 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 16:23 - 2014-07-16 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 16:23 - 2014-06-20 10:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 11:39 - 2014-07-22 05:34 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-14 15:29 - 2014-06-15 02:19 - 00000000 ____D () C:\Users\Jinoru\dwhelper
2014-07-11 03:02 - 2014-07-16 16:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-16 16:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-16 16:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 10:26 - 2014-06-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-09 11:18 - 2014-06-03 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-08 14:58 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\Documents\Xenonauts
2014-07-07 18:02 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\Documents\ArmA 2
2014-07-07 17:44 - 2014-07-07 17:44 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-07-07 17:43 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 16:50 - 2014-07-07 16:49 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\ArmA 2
2014-07-07 16:49 - 2014-07-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-07 14:31 - 2014-07-07 14:30 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Sniper3
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\DayZCommander
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-06 23:19 - 2014-07-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-06 23:19 - 2014-06-20 13:52 - 01645874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-06 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-07-06 21:12 - 2014-07-06 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-06 21:08 - 2014-07-06 21:08 - 00000000 ____D () C:\GOG Games
2014-07-06 20:09 - 2014-07-06 19:59 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\BetterDS3
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Tunngle
2014-07-06 17:32 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Tunngle
2014-07-05 21:40 - 2014-06-17 11:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Diablo III
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\LogMeIn
2014-07-05 15:47 - 2014-07-05 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\MotioninJoy
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-04 15:09 - 2014-07-04 15:09 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-07-03 21:00 - 2014-06-03 20:15 - 00058336 _____ () C:\Users\Jinoru\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 20:53 - 2014-07-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Sniper Elite 3
2014-07-03 20:50 - 2014-07-03 20:50 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2014-07-03 19:57 - 2014-07-03 19:57 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-07-03 19:18 - 2014-07-03 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 19:17 - 2009-07-14 06:45 - 00267704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-03 18:18 - 2014-07-03 18:18 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-03 18:18 - 2014-07-03 18:18 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-03 18:18 - 2014-07-03 18:18 - 00000000 ____D () C:\Program Files\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Echobit
2014-07-03 18:17 - 2014-07-03 18:17 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-03 17:54 - 2014-07-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Jinoru\Documents\Tunngle
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-07-01 16:49 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-30 20:15 - 2014-06-14 13:34 - 00000000 ____D () C:\Users\Jinoru\Documents\StarCraft II
2014-06-30 19:24 - 2014-06-30 19:18 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\TeamViewer
2014-06-30 12:28 - 2014-06-30 12:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-06-30 12:18 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSPdisp
2014-06-30 12:17 - 2014-06-30 12:15 - 00000000 ____D () C:\Program Files (x86)\PSPdisp
2014-06-30 12:16 - 2014-06-30 12:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PSPdispSideShow_x64_01_00_00.Wdf
2014-06-28 12:23 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Roaming\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\Users\Jinoru\AppData\Local\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 16:52 - 2014-06-27 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 23:25 - 2014-06-04 21:49 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-06-24 08:07 - 2014-06-24 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-23 11:07 - 2014-06-03 20:21 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-06-23 10:57 - 2014-06-03 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 23:50

==================== End Of Log ============================
         
--- --- ---


After step 2, FRST did not ask for a restart; I restarted manually.

Regards
Defendor

Alt 22.07.2014, 17:03   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Great...

We've scrubbed ZeroAccess, the dirty dog, off the disk and repaired the damage as far as it was visible (Winsock).

Now we'll run some final checks, which are important too:

Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Erkennung und Schutz (Detection and Protection), tick "Suche nach Rootkits" (Scan for rootkits).
  • Then click "Suchlauf" (Scan), select Bedrohungssuchlauf (Threat Scan), update the databases and click "Suchlauf jetzt starten" (Scan Now).
  • At the end of the scan, have all detections (if any) moved to quarantine. (here's how...)
  • Post the contents of the log file (here's how...). To do so, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Ansicht (View). Click "In Zwischenablage kopieren" (Copy to Clipboard) and post the contents in code tags as a reply in the thread.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 22.07.2014, 17:46   #11
Defendor
 



Wonderful. I like animals a lot, but dirty dogs have no place on my PC!
However, the scanner found a few things, which I moved to quarantine.

Code:
ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.07.2014
Suchlauf-Zeit: 18:12:54
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.22.05
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Jinoru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 278590
Verstrichene Zeit: 6 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-578131232-4241386587-3927081175-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[851cddc3651660d654d8dad030d4d62a]

Ordner: 2
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 

Dateien: 8
PUP.Optional.Speedial, C:\Windows\System32\Tasks\Speedial, In Quarantäne, [dbc608988fec5adcfd24cdfe5aa830d0], 
PUP.Optional.Speedial, C:\Windows\Tasks\Speedial.job, In Quarantäne, [dbc6dec29ddecf67b76caa21e121bd43], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\searchplugins\Speedial.xml, In Quarantäne, [9011b5eb6b10e1551952dbfcbc4644bc], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\config.dat, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\info.dat, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\STTL.DAT, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\TTL.DAT, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a], 
PUP.Optional.CrossRider.A, C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14662f73d70a71aa64330b3ce0b584e8");), Ersetzt,[c1e0722ea3d8ea4c274b706deb19b848]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
I'll start step 2 in a few minutes.


Regards
Defendor
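
As an added example (not part of the original posts and not Malwarebytes code): a small parser for the German-language Malwarebytes log format posted above. It groups detections by family prefix (PUP = potentially unwanted program, PUM = potentially unwanted modification), checks each section's declared count against the entries listed, and flags anything that is neither PUP/PUM nor already quarantined or replaced. The function names are hypothetical; the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Detection sections as named in the German-language log on this page.
SECTIONS = {"Prozesse", "Module", "Registrierungsschlüssel", "Registrierungswerte",
            "Registrierungsdaten", "Ordner", "Dateien", "Physische Sektoren"}
# Actions that mean the scanner already dealt with the item.
HANDLED = {"In Quarantäne", "Ersetzt"}

SECTION_RE = re.compile(r"^([^:,]+): (\d+)$")
# The action is the field directly in front of the bracketed 32-hex item id.
TAIL_RE = re.compile(r",\s*([^,\[\]]+?)\s*,\s*\[([0-9a-f]{32})\]")

# Excerpt of the log posted above (detection sections only).
SAMPLE = r"""
Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-578131232-4241386587-3927081175-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[851cddc3651660d654d8dad030d4d62a]

Ordner: 2
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],

Dateien: 8
PUP.Optional.Speedial, C:\Windows\System32\Tasks\Speedial, In Quarantäne, [dbc608988fec5adcfd24cdfe5aa830d0],
PUP.Optional.Speedial, C:\Windows\Tasks\Speedial.job, In Quarantäne, [dbc6dec29ddecf67b76caa21e121bd43],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\searchplugins\Speedial.xml, In Quarantäne, [9011b5eb6b10e1551952dbfcbc4644bc],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\config.dat, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\info.dat, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\STTL.DAT, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],
PUP.Optional.Speedial.A, C:\Users\Jinoru\AppData\Roaming\Speedial\UpdateProc\TTL.DAT, In Quarantäne, [4d54c1dfc0bb5fd7989411a22bd7a65a],
PUP.Optional.CrossRider.A, C:\Users\Jinoru\AppData\Roaming\Mozilla\Firefox\Profiles\0v7l5evl.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14662f73d70a71aa64330b3ce0b584e8");), Ersetzt,[c1e0722ea3d8ea4c274b706deb19b848]

Physische Sektoren: 0
(No malicious items detected)

(end)
"""


def classify(family):
    """Map a detection name to a coarse class by its family prefix."""
    if family.startswith("PUP."):
        return "PUP"
    if family.startswith("PUM."):
        return "PUM"
    return "malware"


def parse_mbam(text):
    """Return (declared section counts, list of parsed detection entries)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1) in SECTIONS:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        # Skip header lines, blanks and "(No malicious items detected)" / "(end)".
        if section is None or not line or line.startswith("("):
            continue
        family, _, rest = line.partition(",")
        tail = TAIL_RE.search(rest)  # "Schlecht: (...)" may itself contain commas
        items.append({
            "section": section,
            "family": family.strip(),
            "kind": classify(family.strip()),
            "object": rest.split(",", 1)[0].strip(),
            "action": tail.group(1) if tail else "unknown",
            "item_id": tail.group(2) if tail else None,
        })
    return declared, items


def summarize(items):
    """Count entries per class, e.g. {'PUP': 10, 'PUM': 1}."""
    return dict(Counter(i["kind"] for i in items))


def count_mismatches(declared, items):
    """Sections whose declared count differs from the entries actually listed."""
    parsed = Counter(i["section"] for i in items)
    return {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}


def needs_review(items):
    """Entries that are not PUP/PUM, or that the scanner did not handle."""
    return [i for i in items if i["kind"] == "malware" or i["action"] not in HANDLED]


if __name__ == "__main__":
    declared, items = parse_mbam(SAMPLE)
    print(summarize(items), count_mismatches(declared, items), needs_review(items))
```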

Alt 22.07.2014, 17:57   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Quote:
Quote from Defendor
However, the scanner found a few things, which I moved to quarantine.
That's just trivial stuff, don't worry...


Quote:
Quote from Defendor
I'll start step 2 in a few minutes

It takes a long time anyway...
__________________
Regards
deeprybka


Alt 22.07.2014, 18:19   #13
Defendor
 



That's strange. I wanted to disable the Windows Firewall via the Control Panel as usual, but none of the options are visible any more.
It's as if I suddenly had no Windows Firewall at all.
No matter which menu item I click on the left-hand side, it only ever says that a firewall can help protect the computer, and so on.

The only thing I can select is a button for "Recommended settings", but when I click it, I get an error message telling me
that some of the settings could not be applied by the Windows Firewall, along with an error code.

Alt 22.07.2014, 18:22   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



We may still have to repair the Security Center. The "dirty dog" is to blame for that too.
Just start ESET. It'll be fine...
__________________
Regards
deeprybka


Alt 23.07.2014, 07:00   #15
Defendor
 



Good morning

ESET Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=892644c90fa2aa4ab69e7b8621b4ecba
# engine=19295
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-23 05:07:18
# local_time=2014-07-23 07:07:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus 2014'
# compatibility_mode=1050 16777213 100 100 81560 93226022 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4157421 157721888 0 0
# scanned=404823
# found=14
# cleaned=0
# scan_time=41891
sh=CEEFED45CCD70527CC26AE53C1D84438BE174E3C ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Netzwrk\rld-mpd.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung" ac=I fn="C:\Netzwrk\rld-snel3.iso"
sh=4911960E9DB71C79172D9323DC1D2FDC2EA73382 ft=1 fh=2bf075b33473e658 vn="Variante von Win32/Sirefef.GC Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\80000032.@.vir"
sh=5E9697BCE177E6D3148C9D86B8771A21A9CC2559 ft=1 fh=09aafdb7071863eb vn="Variante von Win64/Sirefef.BK Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{8c8e8ca7-9ea5-7a5c-b169-9a2e877fd82b}\U\80000064.@.vir"
sh=CCB938D9BEA1626D4786D96ED26A96EE392E314B ft=1 fh=0c5d2e9df5c5a0a5 vn="Win64/Sirefef.AX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir"
sh=8BBA91690229C811D85D87E463FA24E88F080757 ft=1 fh=18c6a5a2908d7ace vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jinoru\Downloads\IObit Malware Fighter - CHIP-Installer.exe"
sh=938ECFD65ABE1740FD4A3E3FBA6ADCED5908F45A ft=1 fh=063c007ae433a8da vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\Windows7Loader.exe"
sh=8BFD9E0D4BD2381A10798369416D52DD44A7AE95 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="E:\Windows Vista Home Basic SP2 (32 Bit)\Windows Vista Home Basic SP2 (32 Bit).iso"
sh=2C82ED97B34F8EE5F06ED6FB7F660D89163CA932 ft=1 fh=da17217a0037ec8a vn="Variante von Win32/MessengerPlus evtl. unerwünschte Anwendung" ac=I fn="F:\System Volume Information\_restore{E4700945-9CA6-4853-9C86-0C8437DC5289}\RP113\A0011152.exe"
sh=C2C051F6BDEC9936387342933DC44B2446D4F2A7 ft=1 fh=6d331a11c760ade7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Jinoru\b__Verschiedenes\apps\ISObuster\isobuster_all_lang.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\Jinoru\b__Verschiedenes\apps\unlocker\Unlocker1.9.1.exe"
sh=8BC02363EEEA6244D926E714B69849E6F466F8DE ft=1 fh=999267bd833d3e36 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Jinoru\b__Verschiedenes\apps\YouTubeDownloader\FreeYouTubeDownload_210.exe"
sh=101FB24208B1B179B1D6546FA7A75C2F77BAE0C9 ft=1 fh=d7d4227c0eda59ca vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\Jinoru\b__Verschiedenes\apps\Ashampoo Photo Commander\ashampoo_photo_commander_9_9.4.3_11588.exe"
sh=78FDA1ABB5C4ED0675613423536A6D9DEC89C187 ft=1 fh=370e1c14c773c4a9 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\Jinoru\b__Verschiedenes\apps\PSP Video 9\pspvideo9-600-setup.exe"
         

FSS Log:

Code:
Farbar Service Scanner Version: 21-07-2014
Ran by Jinoru (administrator) on 23-07-2014 at 08:03:20
Running from "C:\Users\Jinoru\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         
Best regards
Defendor

Last edited by Defendor (23.07.2014 at 07:20)
