
Log analysis and evaluation: HEUR:Exploit.Java.CVE-2013-2423.gen

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.07.2013, 23:16   #1
Xplosion
 
HEUR:Exploit.Java.CVE-2013-2423.gen



Hello Trojaner-Board,

I've been hit.

Kaspersky Internet Security 2013 (trial version) found the Trojan horse HEUR:Exploit.Java.CVE-2013-2423.gen on my system and cannot delete or repair it.
Before that I always had Microsoft Essential installed, and it never found anything.


Kaspersky:
Quote:
Typ: trojanisches Programm (1)
HEUR:Exploit.Java.CVE-2013-2423.gen Gefunden; nicht verarbeitet 21.07.2013 21:53:17 C:\Documents and Settings\Xplosion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\ 54ce3ba-34856fb8
Defogger disable log:
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:24 on 21/07/2013 (Xplosion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL.txt
Quote:
OTL logfile created on: 21.07.2013 22:26:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xplosion\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 80,83% Memory free
16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 303,30 Gb Free Space | 65,12% Space Free | Partition Type: NTFS

Computer Name: XPLOSION-PC | User Name: Xplosion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.21 22:11:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xplosion\Desktop\OTL.exe
PRC - [2013.07.08 22:21:27 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013.07.08 20:50:46 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.07.03 23:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.31 21:18:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.03.09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2001.12.13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE


========== Modules (No Company Name) ==========

MOD - [2013.07.08 20:50:47 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.07.08 20:50:47 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.07.08 20:50:47 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll


========== Services (SafeList) ==========

SRV - [2013.07.08 20:50:57 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.06.16 16:11:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.16 07:27:22 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.31 21:18:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002.04.12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.07.21 15:12:24 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.05.16 07:27:20 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.05.16 07:27:20 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.05.16 07:27:20 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.05.16 07:27:20 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.31 06:42:14 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012.10.31 06:42:12 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012.10.28 02:18:51 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.10.28 01:35:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.05.13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 35 8C A8 DF F8 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.07.21 15:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.07.21 15:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.07.21 15:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.07.21 15:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.07.21 15:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.08 20:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.10.28 02:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xplosion\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Erster Nutzer = C:\Users\Xplosion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CA5A372-689A-4224-A1E0-DDA35CA6BBED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEEC7AF9-E615-43E0-A083-1CA27CF252F8}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.21 22:11:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xplosion\Desktop\OTL.exe
[2013.07.21 22:03:14 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\AppData\Local\Programs
[2013.07.21 15:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.07.21 15:04:06 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.07.21 15:02:48 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.07.21 15:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.07.21 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.07.21 15:02:24 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.07.21 15:02:24 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.07.17 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2013.07.16 21:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.07.16 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\AppData\Roaming\Origin
[2013.07.16 21:58:20 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\AppData\Local\Origin
[2013.07.16 21:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.07.16 21:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.07.16 21:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.07.16 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.07.16 21:55:12 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\Desktop\FIFA 13
[2013.07.14 16:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.14 15:59:31 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\AppData\Roaming\dvdcss
[2013.07.14 15:38:08 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
[2013.07.08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.07.01 21:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.01 21:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.01 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\Desktop\FIFA.13.Update.v1.7-RELOADED
[2013.07.01 21:06:33 | 000,000,000 | ---D | C] -- C:\Users\Xplosion\AppData\Local\NVIDIA
[2013.06.24 21:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3

========== Files - Modified Within 30 Days ==========

[2013.07.21 22:24:40 | 000,000,000 | ---- | M] () -- C:\Users\Xplosion\defogger_reenable
[2013.07.21 22:22:56 | 000,050,477 | ---- | M] () -- C:\Users\Xplosion\Desktop\Defogger.exe
[2013.07.21 22:11:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xplosion\Desktop\OTL.exe
[2013.07.21 22:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.21 21:52:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.21 15:12:24 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.07.21 15:05:27 | 000,002,336 | ---- | M] () -- C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.07.21 15:04:08 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.07.21 15:01:41 | 000,018,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.21 15:01:41 | 000,018,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.21 15:01:26 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.21 15:01:26 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.21 15:01:26 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.21 15:01:26 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.21 15:01:26 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.21 14:58:51 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.07.21 14:54:02 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.17 18:31:01 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2013.07.16 21:56:26 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.07.16 20:57:46 | 000,294,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.27 22:24:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.27 22:24:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.24 21:30:23 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.24 21:30:23 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

========== Files Created - No Company Name ==========

[2013.07.21 22:24:40 | 000,000,000 | ---- | C] () -- C:\Users\Xplosion\defogger_reenable
[2013.07.21 22:22:56 | 000,050,477 | ---- | C] () -- C:\Users\Xplosion\Desktop\Defogger.exe
[2013.07.21 15:05:27 | 000,002,336 | ---- | C] () -- C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.07.21 15:04:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.07.17 18:31:01 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2013.07.16 21:56:26 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.07.14 15:41:46 | 733,898,752 | ---- | C] () -- C:\Users\Xplosion\Desktop\Winnie_Puuh-Unzertrennliche_Freunde-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
[2013.07.14 15:41:23 | 733,327,360 | ---- | C] () -- C:\Users\Xplosion\Desktop\Winnie_Puuh-Honigsuesse_Abenteuer-Die_kleinen_Entdecker-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
[2013.07.14 15:41:02 | 698,928,204 | ---- | C] () -- C:\Users\Xplosion\Desktop\Winnie.Puuh.auf.großer.Reise.German.2006.MP3.DVDRip.DivX.-.iND.avi
[2013.06.27 22:24:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.27 22:24:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 21:31:42 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.16 00:50:52 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012.12.28 01:22:30 | 000,000,218 | ---- | C] () -- C:\Users\Xplosion\.recently-used.xbel
[2012.12.28 00:57:12 | 000,006,656 | ---- | C] () -- C:\Users\Xplosion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.21 00:06:19 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.12.21 00:06:18 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.11.13 21:20:29 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.11.13 21:20:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.11.13 21:03:58 | 000,008,852 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.10.31 22:13:07 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.31 21:18:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.30 23:53:06 | 000,000,000 | ---- | C] () -- C:\Users\Xplosion\.gtk-bookmarks
[2012.10.28 00:33:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.20 23:44:28 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\.purple
[2013.07.14 17:52:51 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\AIMP3
[2012.10.31 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:57:00 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\ControlCenter4
[2012.10.31 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\CoSoSys
[2012.10.30 23:05:02 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\DAEMON Tools Lite
[2013.01.14 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\elsterformular
[2013.03.14 23:20:31 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\FreePDF
[2013.03.16 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\gtk-2.0
[2012.12.28 00:56:50 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\IrfanView
[2012.11.10 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\IsolatedStorage
[2012.11.13 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\Nuance
[2012.11.10 13:56:11 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\OpenOffice.org
[2012.10.28 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\Opera
[2013.07.16 22:49:56 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\Origin
[2012.10.31 21:07:51 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\TeamViewer
[2012.10.28 02:37:03 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\Thunderbird
[2012.10.28 02:40:03 | 000,000,000 | ---D | M] -- C:\Users\Xplosion\AppData\Roaming\TrueCrypt

========== Purity Check ==========



< End of report >
Extra.txt:
Quote:
OTL Extras logfile created on: 21.07.2013 22:26:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xplosion\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 80,83% Memory free
16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 303,30 Gb Free Space | 65,12% Space Free | Partition Type: NTFS

Computer Name: XPLOSION-PC | User Name: Xplosion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027CEA1E-DC5E-428A-9BDF-028D8F63A798}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09360BDD-3781-448A-95C1-DD7C44C84677}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DD593DD-F0EB-4F8B-B1D6-187BE49102C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{20983571-01B7-4A06-9085-ED62D48C77EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FCE44A4-E847-48B6-BD01-14C48900AB34}" = lport=445 | protocol=6 | dir=in | app=system |
"{55E30999-FFE1-444B-A628-6905769D3E34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60E9C8B5-3FC2-4CE1-B6A3-07736AA75645}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A06BAE6-005E-48FC-B957-E9E332FC9888}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AFC2138-469D-4482-8076-A73D95E44699}" = rport=138 | protocol=17 | dir=out | app=system |
"{76EAA173-0274-49D1-817A-23C0A07FB3DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86818718-3FCA-4D24-A02F-8119A446FE33}" = lport=137 | protocol=17 | dir=in | app=system |
"{86DF747A-104C-4448-912B-90E8C883B5F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E35B039-2736-4977-B363-96FDF482043B}" = lport=138 | protocol=17 | dir=in | app=system |
"{9F81C4C2-207E-44A9-B2BC-94638651E8E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD9DD806-AD28-4DAF-87DA-10888CAD6CE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC86F1CF-7320-44C3-AA3C-BA9A1D036168}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC8A93D8-9E9E-42DB-B919-DB1F6742AD9E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C1526C44-335C-4FC0-85B2-DD4FCA94216A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6776201-353A-4B77-B9F3-55F9CB004DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C68C9C39-F96A-40F7-B25A-677A3EEBC61C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D123D5CC-277B-402D-B7E7-1821EECCF4F6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DBF5733B-8DC2-49DC-84BB-8EB2E5B65D13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9992955-AFD8-488A-8B77-8FA1456149D6}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6DFA26-42BB-4849-A699-9C3AEFFB754C}" = protocol=6 | dir=out | app=system |
"{0D03FAA8-FC72-4F3B-BB8A-F43930C2F2F2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{1513ABAF-AF78-46A2-802F-9FE95CB28E12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{188107F0-F253-48E7-A6CE-8EF1747AE7A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{25829AF8-E98E-48C9-99B2-4ABA52522127}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B8E09A2-F701-4022-9840-AA299D485B1E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39C78786-05C8-4100-80BC-9EF23CBBE37D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C965FA9-42D1-4E8C-B8B2-CBAFE273EFFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E141637-26C8-4B5B-B2F6-A3763BAA8AB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{542FDBF5-AA96-4A3A-BF7A-503AB674A702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{564FEAD6-6A13-49E6-8820-E8BEECB67735}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A04876F-1C45-432A-9EA8-EED1FEA6CDEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A1AEAD7-3721-41B0-B2AC-4844DD5B21AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7CABC731-0350-44FE-AA23-7714EEE07AA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EE17C53-5D48-46A7-8960-31FAAF21B3C8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AF1371BC-EF71-4963-B22D-D8129E597FD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1011EA0-6C70-4F3D-B905-0A9E5679D840}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B411929B-EF53-4714-996B-59CD14741312}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DDC87C46-3841-4254-B79D-D5CEC52AEB8D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE89C29B-0B25-4C0A-8C3D-9094649C5581}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{EA4725E9-21C8-4A52-BCBA-F8D7A03F2CFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECDFF1A7-4B04-4383-AAF0-CB9A579F2034}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F71ED38C-0EC6-4319-8472-A67EBFAAFE03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{14BC5EE5-FD87-4A39-9B24-E8DFA14178CE}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{2CFF4C41-D821-47B4-9003-C2870F6CCD62}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{06AE896B-8022-4BBF-B113-2C69CACC2D83}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{8E651B27-C6E3-4276-B8C3-4B06549F4960}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{830F55B6-4398-4B72-A0D8-66397B902C0E}" = Brother MFL-Pro Suite MFC-J5910DW
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP3" = AIMP3
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular" = ElsterFormular
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.16.1860" = Opera 12.16
"Origin" = Origin
"Pidgin" = Pidgin
"TrueCrypt" = TrueCrypt

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.07.2013 14:57:50 | Computer Name = Xplosion-PC | Source = ESENT | ID = 455
Description = Windows (2352) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00073.log.

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 14.07.2013 10:54:40 | Computer Name = Xplosion-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:
0

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 16.07.2013 14:57:51 | Computer Name = Xplosion-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 16.07.2013 14:58:48 | Computer Name = Xplosion-PC | Source = DCOM | ID = 10016
Description =

Error - 17.07.2013 10:37:51 | Computer Name = Xplosion-PC | Source = DCOM | ID = 10016
Description =

Error - 17.07.2013 11:41:31 | Computer Name = Xplosion-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:
0

Error - 17.07.2013 12:44:55 | Computer Name = Xplosion-PC | Source = DCOM | ID = 10016
Description =

Error - 20.07.2013 17:07:07 | Computer Name = Xplosion-PC | Source = DCOM | ID = 10016
Description =

Error - 21.07.2013 08:55:25 | Computer Name = Xplosion-PC | Source = DCOM | ID = 10016
Description =

Error - 21.07.2013 11:50:36 | Computer Name = Xplosion-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:
0


< End of report >
Gmer.txt:
Quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-21 23:00:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8 ST3500320NS rev.SN04 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Xplosion\AppData\Local\Temp\kxtcakog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002c03000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002c0300e 3 bytes [00, 00, 00]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [332:4348] 000007fefaec1ab0
Thread C:\Windows\system32\svchost.exe [332:4412] 000007fefbe14164
Thread C:\Windows\System32\spoolsv.exe [1552:1176] 000007fef78710c8
Thread C:\Windows\System32\spoolsv.exe [1552:348] 000007fef74a6144
Thread C:\Windows\System32\spoolsv.exe [1552:580] 000007fef7bb5fd0
Thread C:\Windows\System32\spoolsv.exe [1552:1640] 000007fef7483438
Thread C:\Windows\System32\spoolsv.exe [1552:1716] 000007fef7bb63ec
Thread C:\Windows\System32\spoolsv.exe [1552:1720] 000007fef7483438
Thread C:\Windows\System32\spoolsv.exe [1552:1812] 000007fef7bb63ec
Thread C:\Windows\System32\spoolsv.exe [1552:1804] 000007fef7b65e5c
Thread C:\Windows\System32\spoolsv.exe [1552:2108] 000007fef8495074
Thread C:\Windows\System32\spoolsv.exe [1552:2740] 000007fef8502288
Thread C:\Windows\System32\spoolsv.exe [1552:2772] 000007fef78c8760
Thread C:\Windows\System32\svchost.exe [1412:604] 000007fefae59688
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:1092] 000007feec558c50
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:1784] 000007feec0419b0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:1040] 000007feec0419b0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:4132] 000007feec0419b0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:4136] 0000000069c81dbc
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:4140] 0000000069c81dbc
Thread C:\Program Files\Windows Sidebar\sidebar.exe [1688:4144] 0000000069c81dbc
Thread C:\Windows\system32\taskhost.exe [5048:4564] 000007fef511ef24

---- EOF - GMER 2.1 ----
I hope I have explained everything clearly and correctly. Please correct me if it is not as required. This is my first time doing this.

Kind regards, Xplosion

22.07.2013, 00:18   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


22.07.2013, 08:34   #3
Xplosion
 
Thanks, Schrauber!

I'll be back online today at around 18-18:30 and will post the things then!
__________________

22.07.2013, 10:22   #4
schrauber
/// the machine
/// TB trainer
 

ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.07.2013, 17:51   #5
Xplosion
 
Hi Schrauber,

here are the two log files as requested

Kind regards, Xplosion

Attached files
File type: txt FRST.txt (51.8 KB, viewed 183 times)
File type: txt Addition.txt (16.6 KB, viewed 166 times)

22.07.2013, 18:45   #6
schrauber
/// the machine
/// TB trainer
 

Hi,

Please always post logs in the thread.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).

22.07.2013, 18:54   #7
Xplosion
 
Ok sorry!

Addition.txt:

Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by Xplosion at 2013-07-22 17:50:05
Running from C:\Users\Xplosion\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
AIMP3 (x32 Version: v3.50.1277, 19.06.2013)
Brother MFL-Pro Suite MFC-J5910DW (x32 Version: 1.0.5.0)
CDBurnerXP (x32 Version: 4.5.0.3717)
DAEMON Tools Lite (x32 Version: 4.45.4.0316)
eaner (Version: 4.03)
ElsterFormular (x32 Version: 14.0.0.10899)
FIFA 13 (x32 Version: 1.8.0.0)
FreePDF (Remove only) (x32)
GPL Ghostscript (Version: 9.04)
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 9.2.1.4399)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
Pidgin (x32 Version: 2.10.6)
RedMon - Redirection Port Monitor
Scansoft PDF Professional (x32)
TrueCrypt (x32 Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)

==================== Restore Points =========================

17-07-2013 16:29:02 DirectX wurde installiert
17-07-2013 17:52:32 Windows Update
20-07-2013 21:16:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {022AC752-C5AB-4843-AC96-5C66D7671594} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-16] (Adobe Systems Incorporated)
Task: {1BA5AC29-54CD-415E-9880-D83E8465CFE9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2753C54F-61B0-4616-82F4-E091B24871A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {298175C4-E188-44B0-9DA1-A354A1C5F663} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {667DE314-4243-4E4D-A1E8-A12D92A1813C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {F8645B4D-0F5C-4E47-926D-64B9764088BE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8056 PCI-E-Gigabit-Ethernet-Controller
Description: Marvell Yukon 88E8056 PCI-E-Gigabit-Ethernet-Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2013 11:38:29 PM) (Source: RasClient) (User: )
Description: CoID={EB16206A-D3A5-42D4-B21F-E1CD8BCEF514}: Der Benutzer "Xplosion-PC\Xplosion" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (07/21/2013 11:32:30 PM) (Source: RasClient) (User: )
Description: CoID={E2631356-E21C-4413-A4C7-78483165AC49}: Der Benutzer "Xplosion-PC\Xplosion" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (07/21/2013 11:26:27 PM) (Source: RasClient) (User: )
Description: CoID={F7295145-929D-45B7-86FF-A51D5EE1AAC1}: Der Benutzer "Xplosion-PC\Xplosion" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (07/21/2013 10:44:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0xb6c
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (07/22/2013 05:41:15 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/21/2013 05:50:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (07/21/2013 02:55:25 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2013 11:07:07 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/17/2013 06:44:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/17/2013 05:41:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (07/17/2013 04:37:51 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/16/2013 08:58:48 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/16/2013 08:57:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2013 08:57:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (07/21/2013 11:38:29 PM) (Source: RasClient)(User: )
Description: {EB16206A-D3A5-42D4-B21F-E1CD8BCEF514}Xplosion-PC\XplosionBreitbandverbindung651

Error: (07/21/2013 11:32:30 PM) (Source: RasClient)(User: )
Description: {E2631356-E21C-4413-A4C7-78483165AC49}Xplosion-PC\XplosionBreitbandverbindung651

Error: (07/21/2013 11:26:27 PM) (Source: RasClient)(User: )
Description: {F7295145-929D-45B7-86FF-A51D5EE1AAC1}Xplosion-PC\XplosionBreitbandverbindung651

Error: (07/21/2013 10:44:18 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218ab6c01ce865266c5af55C:\Users\Xplosion\Desktop\gmer_2.1.19163. exeC:\Users\Xplosion\Desktop\gmer_2.1.19163.exe4fb10340-f246-11e2-9751-0015af64ef6e

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/16/2013 08:57:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)


CodeIntegrity Errors:
===================================
Date: 2013-07-21 17:44:30.154
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 17:44:30.154
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 17:44:30.139
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 17:44:30.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 17:44:30.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 17:44:30.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8191.11 MB
Available physical RAM: 6276.72 MB
Total Pagefile: 16380.41 MB
Available Pagefile: 14366.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:303.73 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 23CA23CA)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Frst.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Xplosion (administrator) on 22-07-2013 17:49:47
Running from C:\Users\Xplosion\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-05-16] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Xplosion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-16] (Kaspersky Lab ZAO)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-31] ()

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-28] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-05-16] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-05-16] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-16] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 17:45 - 2013-07-22 17:49 - 00000000 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:04 - 2013-05-16 07:27 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-07-21 15:02 - 2013-07-22 17:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 15:02 - 2013-05-16 07:27 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-21 15:02 - 2013-05-16 07:27 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:29 - 2013-07-17 18:30 - 00017627 _____ C:\Windows\DirectX.log
2013-07-16 21:58 - 2013-07-16 22:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 21:58 - 2013-07-16 22:49 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 21:58 - 2013-07-16 22:37 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-20 23:31 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-22 17:39 - 00000784 _____ C:\Windows\setupact.log
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:56 - 2013-07-17 16:36 - 00002592 _____ C:\Windows\PFRO.log
2013-07-14 17:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 17:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 17:58 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 17:58 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:41 - 2012-11-07 14:36 - 733327360 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Honigsuesse_Abenteuer-Die_kleinen_Entdecker-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2012-11-07 11:35 - 733898752 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Unzertrennliche_Freunde-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2009-01-11 05:21 - 698928204 _____ C:\Users\Xplosion\Desktop\Winnie.Puuh.auf.großer.Reise.German.2006.MP3.DVDRip.DivX.-.iND.avi
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 15:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 15:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 15:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 15:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 15:05 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 15:05 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 15:05 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:50 - 2013-07-08 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:17 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-01 21:17 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-06-29 10:43 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-29 10:43 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-07-22 17:49 - 2013-07-22 17:45 - 00000000 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:47 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-22 17:47 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-22 17:47 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 17:47 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 17:47 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:44 - 2012-10-27 23:22 - 01065854 _____ C:\Windows\WindowsUpdate.log
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-22 17:42 - 2013-07-21 15:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-22 17:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 17:39 - 2013-07-16 20:57 - 00000784 _____ C:\Windows\setupact.log
2013-07-22 17:39 - 2012-10-28 01:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 23:11 - 2013-03-13 22:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:24 - 2012-10-27 23:31 - 00000000 ____D C:\Users\Xplosion
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 22:03 - 2012-10-28 02:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:12 - 2013-05-16 07:27 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 14:58 - 2012-10-28 01:48 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 23:44 - 2012-10-28 03:48 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\.purple
2013-07-20 23:40 - 2012-10-28 02:04 - 00000000 ____D C:\Users\Xplosion\Documents\FIFA 13
2013-07-20 23:31 - 2013-07-16 21:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Origin
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:30 - 2013-07-17 18:29 - 00017627 _____ C:\Windows\DirectX.log
2013-07-17 16:36 - 2013-07-16 20:56 - 00002592 _____ C:\Windows\PFRO.log
2013-07-16 22:50 - 2013-07-16 21:58 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 22:49 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 22:37 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:57 - 2012-10-28 00:18 - 00000000 ____D C:\Windows\Panther
2013-07-16 20:57 - 2009-07-14 06:45 - 00294848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 20:56 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 17:59 - 2012-10-31 18:58 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-14 17:52 - 2012-10-28 01:57 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\AIMP3
2013-07-14 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-14 16:01 - 2013-03-16 01:52 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\vlc
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 14:54 - 2012-10-28 02:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-08 22:24 - 2012-10-30 22:58 - 00000000 ____D C:\Program Files\CCleaner
2013-07-08 22:21 - 2012-10-28 02:16 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-08 20:51 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:25 - 2012-10-28 01:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:09 - 2013-01-22 22:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 21:09 - 2013-01-22 22:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-07-01 21:01 - 2012-10-28 01:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-29 10:38 - 2012-10-27 23:32 - 00001405 _____ C:\Users\Xplosion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-24 21:34 - 2012-10-28 01:57 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-06-24 21:30 - 2012-10-31 22:13 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-24 21:30 - 2012-10-31 22:12 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 16:47

==================== End Of Log ============================
         
--- --- ---


Alt 22.07.2013, 21:16   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.07.2013, 16:58   #9
Xplosion
 



Hi Schrauber,

here is the requested Combofix.log


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-07-23.01 - Xplosion 23.07.2013  16:51:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6449 [GMT 2:00]
ausgeführt von:: c:\users\Xplosion\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-23 bis 2013-07-23  ))))))))))))))))))))))))))))))
.
.
2013-07-23 14:55 . 2013-07-23 14:55	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-23 14:55 . 2013-07-23 14:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-23 14:48 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{810F6243-2D93-4ED9-9DA3-7A6E24561BD9}\mpengine.dll
2013-07-22 15:44 . 2013-07-22 15:44	--------	d-----w-	C:\FRST
2013-07-21 20:03 . 2013-07-21 20:03	--------	d-----w-	c:\users\Xplosion\AppData\Local\Programs
2013-07-21 13:04 . 2013-05-16 05:27	64856	----a-w-	c:\windows\system32\klfphc.dll
2013-07-21 13:02 . 2013-07-21 13:02	--------	d-----w-	c:\windows\ELAMBKUP
2013-07-21 13:02 . 2013-07-23 14:47	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-07-21 13:02 . 2013-07-21 13:02	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2013-07-21 13:02 . 2013-05-16 05:27	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-07-21 13:02 . 2013-05-16 05:27	620128	----a-w-	c:\windows\system32\drivers\klif.sys
2013-07-16 19:58 . 2013-07-16 20:50	--------	d-----w-	c:\program files (x86)\Origin Games
2013-07-16 19:58 . 2013-07-16 20:49	--------	d-----w-	c:\users\Xplosion\AppData\Roaming\Origin
2013-07-16 19:58 . 2013-07-16 20:37	--------	d-----w-	c:\users\Xplosion\AppData\Local\Origin
2013-07-16 19:56 . 2013-07-17 16:35	--------	d-----w-	c:\programdata\Origin
2013-07-16 19:56 . 2013-07-17 16:35	--------	d-----w-	c:\programdata\Electronic Arts
2013-07-16 19:56 . 2013-07-22 17:58	--------	d-----w-	c:\program files (x86)\Origin
2013-07-14 13:59 . 2013-07-14 13:59	--------	d-----w-	c:\users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 13:06 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-14 13:06 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-14 13:06 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-14 13:06 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-14 13:06 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-14 13:06 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-14 13:06 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-14 13:06 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-14 13:06 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-14 13:06 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-14 13:06 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-14 13:05 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-14 13:05 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-14 13:05 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-14 13:05 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-14 13:05 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 13:05 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 13:05 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-14 13:05 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-08 18:50 . 2013-07-08 18:51	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-07-01 19:25 . 2013-07-01 19:25	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-07-01 19:09 . 2013-07-01 19:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 19:09 . 2013-07-01 19:09	--------	d-----w-	c:\program files (x86)\Java
2013-07-01 19:06 . 2013-07-01 19:06	--------	d-----w-	c:\users\Xplosion\AppData\Local\NVIDIA
2013-06-29 08:43 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-29 08:43 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-27 20:23 . 2013-06-27 20:23	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 13:12 . 2013-05-16 05:27	54368	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-07-14 15:59 . 2012-10-31 16:58	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-07-01 19:09 . 2013-01-22 20:47	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-07-01 19:09 . 2013-01-22 20:47	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-24 19:30 . 2012-10-31 20:13	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-24 19:30 . 2012-10-31 20:12	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-06-21 12:06 . 2013-03-29 22:35	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-03-29 22:35	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2012-10-27 23:03	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2012-10-27 23:03	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2012-10-27 23:02	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2009-07-13 21:59	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2012-10-27 23:03	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2012-10-27 23:03	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2012-10-27 23:03	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2012-10-27 23:03	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2012-10-27 23:03	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2012-10-27 23:03	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-16 14:59 . 2012-10-31 20:13	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-06-16 14:11 . 2012-10-27 22:55	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-16 14:11 . 2012-10-27 22:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 05:27 . 2013-05-16 05:27	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2013-05-16 05:27 . 2013-05-16 05:27	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2013-05-16 05:27 . 2013-05-16 05:27	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-05-13 05:51 . 2013-06-16 13:08	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-16 13:08	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-16 13:08	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-16 13:08	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-16 13:08	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-16 13:08	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-16 13:08	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-16 13:08	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-16 13:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-16 13:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-05-24 19:29	1832224	----a-w-	c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-24 19:29	1511712	----a-w-	c:\windows\system32\nvdispgenco6432018.dll
2013-05-10 05:49 . 2013-06-16 13:08	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-16 13:08	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-16 13:08	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2012-10-27 22:41	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-16 13:08	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-16 13:08	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-16 13:08	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-16 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 14:11]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Mit PDF Viewer Plus öffnen - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-23  16:56:40
ComboFix-quarantined-files.txt  2013-07-23 14:56
.
Vor Suchlauf: 12 Verzeichnis(se), 325.637.410.816 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 325.624.459.264 Bytes frei
.
- - End Of File - - C1045139E4F8461D1FBE314693E598F9
         
--- --- ---

Alt 23.07.2013, 19:53   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.07.2013, 22:29   #11
Xplosion
 



Hi Schrauber,

here are the logs:


JRT:
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Xplosion on 23.07.2013 at 22:15:28,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 22:20:13,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 23/07/2013 um 22:10:48 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Xplosion - XPLOSION-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Xplosion\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Xplosion\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Xplosion\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [928 octets] - [23/07/2013 22:10:48]

########## EOF - C:\AdwCleaner[S1].txt - [987 octets] ##########
         
--- --- ---


Frst:

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Xplosion (administrator) on 23-07-2013 22:21:35
Running from C:\Users\Xplosion\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Opera Software) C:\Program Files (x86)\Opera\Opera.exe
(Oleg N. Scherbakov) C:\Users\Xplosion\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-05-16] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Xplosion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-16] (Kaspersky Lab ZAO)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-31] ()

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-28] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-05-16] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-05-16] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-16] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 22:20 - 2013-07-23 22:20 - 00000832 _____ C:\Users\Xplosion\Desktop\JRT.txt
2013-07-23 22:15 - 2013-07-23 22:15 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 22:14 - 2013-07-23 22:14 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Xplosion\Desktop\JRT.exe
2013-07-23 22:10 - 2013-07-23 22:11 - 00001055 _____ C:\AdwCleaner[S1].txt
2013-07-23 22:09 - 2013-07-23 22:09 - 00666633 _____ C:\Users\Xplosion\Desktop\adwcleaner.exe
2013-07-23 16:56 - 2013-07-23 16:56 - 00019710 _____ C:\ComboFix.txt
2013-07-23 16:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 16:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 16:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 16:48 - 2013-07-23 16:56 - 00000000 ____D C:\Qoobox
2013-07-23 16:48 - 2013-07-23 16:55 - 00000000 ____D C:\Windows\erdnt
2013-07-23 16:47 - 2013-07-23 16:48 - 05092552 ____R (Swearware) C:\Users\Xplosion\Desktop\ComboFix.exe
2013-07-22 17:45 - 2013-07-22 17:50 - 00017044 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:04 - 2013-05-16 07:27 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-07-21 15:02 - 2013-07-23 22:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 15:02 - 2013-05-16 07:27 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-21 15:02 - 2013-05-16 07:27 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:29 - 2013-07-17 18:30 - 00017627 _____ C:\Windows\DirectX.log
2013-07-16 21:58 - 2013-07-16 22:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 21:58 - 2013-07-16 22:49 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 21:58 - 2013-07-16 22:37 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-22 19:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-23 22:12 - 00001064 _____ C:\Windows\setupact.log
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:56 - 2013-07-23 22:06 - 00003138 _____ C:\Windows\PFRO.log
2013-07-14 17:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 17:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 17:58 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 17:58 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:41 - 2012-11-07 14:36 - 733327360 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Honigsuesse_Abenteuer-Die_kleinen_Entdecker-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2012-11-07 11:35 - 733898752 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Unzertrennliche_Freunde-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2009-01-11 05:21 - 698928204 _____ C:\Users\Xplosion\Desktop\Winnie.Puuh.auf.großer.Reise.German.2006.MP3.DVDRip.DivX.-.iND.avi
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 15:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 15:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 15:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 15:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 15:05 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 15:05 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 15:05 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:50 - 2013-07-08 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:17 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-01 21:17 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-06-29 10:43 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-29 10:43 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-07-23 22:20 - 2013-07-23 22:20 - 00000832 _____ C:\Users\Xplosion\Desktop\JRT.txt
2013-07-23 22:19 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-23 22:19 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-23 22:19 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 22:19 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 22:19 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 22:16 - 2012-10-27 23:22 - 01159261 _____ C:\Windows\WindowsUpdate.log
2013-07-23 22:15 - 2013-07-23 22:15 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 22:14 - 2013-07-23 22:14 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Xplosion\Desktop\JRT.exe
2013-07-23 22:13 - 2013-07-21 15:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-23 22:12 - 2013-07-16 20:57 - 00001064 _____ C:\Windows\setupact.log
2013-07-23 22:12 - 2012-10-28 01:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 22:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 22:11 - 2013-07-23 22:10 - 00001055 _____ C:\AdwCleaner[S1].txt
2013-07-23 22:11 - 2013-03-13 22:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 22:09 - 2013-07-23 22:09 - 00666633 _____ C:\Users\Xplosion\Desktop\adwcleaner.exe
2013-07-23 22:06 - 2013-07-16 20:56 - 00003138 _____ C:\Windows\PFRO.log
2013-07-23 16:56 - 2013-07-23 16:56 - 00019710 _____ C:\ComboFix.txt
2013-07-23 16:56 - 2013-07-23 16:48 - 00000000 ____D C:\Qoobox
2013-07-23 16:55 - 2013-07-23 16:48 - 00000000 ____D C:\Windows\erdnt
2013-07-23 16:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 16:48 - 2013-07-23 16:47 - 05092552 ____R (Swearware) C:\Users\Xplosion\Desktop\ComboFix.exe
2013-07-22 20:00 - 2012-10-28 02:04 - 00000000 ____D C:\Users\Xplosion\Documents\FIFA 13
2013-07-22 19:58 - 2013-07-16 21:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-22 17:50 - 2013-07-22 17:45 - 00017044 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:24 - 2012-10-27 23:31 - 00000000 ____D C:\Users\Xplosion
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 22:03 - 2012-10-28 02:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:12 - 2013-05-16 07:27 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 14:58 - 2012-10-28 01:48 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 23:44 - 2012-10-28 03:48 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\.purple
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Origin
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:30 - 2013-07-17 18:29 - 00017627 _____ C:\Windows\DirectX.log
2013-07-16 22:50 - 2013-07-16 21:58 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 22:49 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 22:37 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:57 - 2012-10-28 00:18 - 00000000 ____D C:\Windows\Panther
2013-07-16 20:57 - 2009-07-14 06:45 - 00294848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 20:56 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 17:59 - 2012-10-31 18:58 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-14 17:52 - 2012-10-28 01:57 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\AIMP3
2013-07-14 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-14 16:01 - 2013-03-16 01:52 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\vlc
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 14:54 - 2012-10-28 02:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-08 22:24 - 2012-10-30 22:58 - 00000000 ____D C:\Program Files\CCleaner
2013-07-08 22:21 - 2012-10-28 02:16 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-08 20:51 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:25 - 2012-10-28 01:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:09 - 2013-01-22 22:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 21:09 - 2013-01-22 22:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-07-01 21:01 - 2012-10-28 01:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-29 10:38 - 2012-10-27 23:32 - 00001405 _____ C:\Users\Xplosion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-24 21:34 - 2012-10-28 01:57 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-06-24 21:30 - 2012-10-31 22:13 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-24 21:30 - 2012-10-31 22:12 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 16:47

==================== End Of Log ============================

Before I start the above-mentioned programs from you and shut down Kaspersky, it always tells me that 16 or 8 network connections are active, and that these will be disconnected automatically after so-and-so many seconds, or that they can be disconnected immediately. What is that about?

Why is there no Addition.log from FRST this time???

Thanks in advance!

Best regards, Xplosion

24.07.2013, 11:40   #12
schrauber
/// the machine
/// TB trainer
 


That one is only created on the first run.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber


24.07.2013, 21:01   #13
Xplosion
 



Hi Schrauber,

here are the logs!

ESET Online Scanner:

Quote:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ee10679aa6f7940a7ab8da4af401f99
# engine=14518
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-24 04:47:12
# local_time=2013-07-24 06:47:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777214 100 98 3324 29454354 0 0
# compatibility_mode=5893 16776573 100 94 73469 126314282 0 0
# scanned=40837
# found=1
# cleaned=0
# scan_time=2811
sh=D58DF295F8494D2A47ED06BBCE71260ADC006FC9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Xplosion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\54ce3ba-34856fb8"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ee10679aa6f7940a7ab8da4af401f99
# engine=14518
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-24 06:44:27
# local_time=2013-07-24 08:44:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777214 100 98 10359 29461389 0 0
# compatibility_mode=5893 16776573 100 94 9746 126321317 0 0
# scanned=155911
# found=1
# cleaned=0
# scan_time=6985
sh=D58DF295F8494D2A47ED06BBCE71260ADC006FC9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Xplosion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\54ce3ba-34856fb8"
Security Check:

Quote:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Xplosion (administrator) on 24-07-2013 20:52:44
Running from C:\Users\Xplosion\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-05-16] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Xplosion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-16] (Kaspersky Lab ZAO)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-31] ()

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-28] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-05-16] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-05-16] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-16] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 18:40 - 2013-07-24 18:40 - 00891062 _____ C:\Users\Xplosion\Desktop\SecurityCheck.exe
2013-07-24 17:55 - 2013-07-24 17:55 - 02347384 _____ (ESET) C:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe
2013-07-23 22:20 - 2013-07-23 22:20 - 00000832 _____ C:\Users\Xplosion\Desktop\JRT.txt
2013-07-23 22:15 - 2013-07-23 22:15 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 22:14 - 2013-07-23 22:14 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Xplosion\Desktop\JRT.exe
2013-07-23 22:10 - 2013-07-23 22:11 - 00001055 _____ C:\AdwCleaner[S1].txt
2013-07-23 22:09 - 2013-07-23 22:09 - 00666633 _____ C:\Users\Xplosion\Desktop\adwcleaner.exe
2013-07-23 16:56 - 2013-07-23 16:56 - 00019710 _____ C:\ComboFix.txt
2013-07-23 16:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 16:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 16:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 16:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 16:48 - 2013-07-23 16:56 - 00000000 ____D C:\Qoobox
2013-07-23 16:48 - 2013-07-23 16:55 - 00000000 ____D C:\Windows\erdnt
2013-07-23 16:47 - 2013-07-23 16:48 - 05092552 ____R (Swearware) C:\Users\Xplosion\Desktop\ComboFix.exe
2013-07-22 17:45 - 2013-07-22 17:50 - 00017044 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:04 - 2013-05-16 07:27 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-07-21 15:02 - 2013-07-24 17:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 15:02 - 2013-05-16 07:27 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-21 15:02 - 2013-05-16 07:27 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:29 - 2013-07-17 18:30 - 00017627 _____ C:\Windows\DirectX.log
2013-07-16 21:58 - 2013-07-16 22:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 21:58 - 2013-07-16 22:49 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 21:58 - 2013-07-16 22:37 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-22 19:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Origin
2013-07-16 21:56 - 2013-07-17 18:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-24 20:26 - 00001344 _____ C:\Windows\setupact.log
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:56 - 2013-07-23 22:06 - 00003138 _____ C:\Windows\PFRO.log
2013-07-14 17:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 17:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 17:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 17:58 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 17:58 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 17:58 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 17:58 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:41 - 2012-11-07 14:36 - 733327360 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Honigsuesse_Abenteuer-Die_kleinen_Entdecker-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2012-11-07 11:35 - 733898752 _____ C:\Users\Xplosion\Desktop\Winnie_Puuh-Unzertrennliche_Freunde-German-2004-AC3-DVDRiP-XviD-oNePiEcE.avi
2013-07-14 15:41 - 2009-01-11 05:21 - 698928204 _____ C:\Users\Xplosion\Desktop\Winnie.Puuh.auf.großer.Reise.German.2006.MP3.DVDRip.DivX.-.iND.avi
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 15:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 15:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 15:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 15:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 15:05 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 15:05 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 15:05 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:50 - 2013-07-08 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:17 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-01 21:17 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-01 21:17 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-06-29 10:43 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-29 10:43 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-07-24 20:27 - 2013-03-13 22:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 20:27 - 2012-10-27 23:22 - 01191304 _____ C:\Windows\WindowsUpdate.log
2013-07-24 20:26 - 2013-07-16 20:57 - 00001344 _____ C:\Windows\setupact.log
2013-07-24 18:47 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-24 18:47 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-24 18:47 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 18:40 - 2013-07-24 18:40 - 00891062 _____ C:\Users\Xplosion\Desktop\SecurityCheck.exe
2013-07-24 17:59 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 17:59 - 2009-07-14 06:45 - 00018608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 17:55 - 2013-07-24 17:55 - 02347384 _____ (ESET) C:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe
2013-07-24 17:52 - 2013-07-21 15:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-24 17:51 - 2012-10-28 01:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-24 17:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 22:20 - 2013-07-23 22:20 - 00000832 _____ C:\Users\Xplosion\Desktop\JRT.txt
2013-07-23 22:15 - 2013-07-23 22:15 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 22:14 - 2013-07-23 22:14 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Xplosion\Desktop\JRT.exe
2013-07-23 22:11 - 2013-07-23 22:10 - 00001055 _____ C:\AdwCleaner[S1].txt
2013-07-23 22:09 - 2013-07-23 22:09 - 00666633 _____ C:\Users\Xplosion\Desktop\adwcleaner.exe
2013-07-23 22:06 - 2013-07-16 20:56 - 00003138 _____ C:\Windows\PFRO.log
2013-07-23 16:56 - 2013-07-23 16:56 - 00019710 _____ C:\ComboFix.txt
2013-07-23 16:56 - 2013-07-23 16:48 - 00000000 ____D C:\Qoobox
2013-07-23 16:55 - 2013-07-23 16:48 - 00000000 ____D C:\Windows\erdnt
2013-07-23 16:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 16:48 - 2013-07-23 16:47 - 05092552 ____R (Swearware) C:\Users\Xplosion\Desktop\ComboFix.exe
2013-07-22 20:00 - 2012-10-28 02:04 - 00000000 ____D C:\Users\Xplosion\Documents\FIFA 13
2013-07-22 19:58 - 2013-07-16 21:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-22 17:50 - 2013-07-22 17:45 - 00017044 _____ C:\Users\Xplosion\Desktop\Addition.txt
2013-07-22 17:44 - 2013-07-22 17:44 - 00000000 ____D C:\FRST
2013-07-22 17:42 - 2013-07-22 17:42 - 01779363 _____ (Farbar) C:\Users\Xplosion\Desktop\FRST64.exe
2013-07-21 23:05 - 2013-07-21 23:05 - 00000746 _____ C:\Users\Xplosion\Desktop\Kaspersky.txt
2013-07-21 23:00 - 2013-07-21 23:00 - 00002761 _____ C:\Users\Xplosion\Desktop\Gmer.txt
2013-07-21 22:31 - 2013-07-21 22:31 - 00043718 _____ C:\Users\Xplosion\Desktop\Extras.Txt
2013-07-21 22:30 - 2013-07-21 22:30 - 00377856 _____ C:\Users\Xplosion\Desktop\gmer_2.1.19163.exe
2013-07-21 22:30 - 2013-07-21 22:30 - 00071480 _____ C:\Users\Xplosion\Desktop\OTL.Txt
2013-07-21 22:24 - 2013-07-21 22:24 - 00000478 _____ C:\Users\Xplosion\Desktop\defogger_disable.log
2013-07-21 22:24 - 2013-07-21 22:24 - 00000000 _____ C:\Users\Xplosion\defogger_reenable
2013-07-21 22:24 - 2012-10-27 23:31 - 00000000 ____D C:\Users\Xplosion
2013-07-21 22:22 - 2013-07-21 22:22 - 00050477 _____ C:\Users\Xplosion\Desktop\Defogger.exe
2013-07-21 22:11 - 2013-07-21 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\Xplosion\Desktop\OTL.exe
2013-07-21 22:03 - 2012-10-28 02:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:12 - 2013-05-16 07:27 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-07-21 15:05 - 2013-07-21 15:05 - 00002336 _____ C:\Users\Xplosion\Desktop\Sicherer Zahlungsverkehr.lnk
2013-07-21 15:04 - 2013-07-21 15:04 - 00001146 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-21 15:02 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 14:58 - 2012-10-28 01:48 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 23:44 - 2012-10-28 03:48 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\.purple
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Origin
2013-07-17 18:35 - 2013-07-16 21:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-17 18:31 - 2013-07-17 18:31 - 00001242 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2013-07-17 18:30 - 2013-07-17 18:29 - 00017627 _____ C:\Windows\DirectX.log
2013-07-16 22:50 - 2013-07-16 21:58 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-16 22:49 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\Origin
2013-07-16 22:37 - 2013-07-16 21:58 - 00000000 ____D C:\Users\Xplosion\AppData\Local\Origin
2013-07-16 21:56 - 2013-07-16 21:56 - 00000975 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-16 21:55 - 2013-07-16 21:55 - 00000000 ____D C:\Users\Xplosion\Desktop\FIFA 13
2013-07-16 20:57 - 2013-07-16 20:57 - 00000000 _____ C:\Windows\setuperr.log
2013-07-16 20:57 - 2012-10-28 00:18 - 00000000 ____D C:\Windows\Panther
2013-07-16 20:57 - 2009-07-14 06:45 - 00294848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 20:56 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 20:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 17:59 - 2012-10-31 18:58 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-14 17:52 - 2012-10-28 01:57 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\AIMP3
2013-07-14 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-14 16:01 - 2013-03-16 01:52 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\vlc
2013-07-14 15:59 - 2013-07-14 15:59 - 00000000 ____D C:\Users\Xplosion\AppData\Roaming\dvdcss
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\Xplosion\Desktop\Die.vielen.Abenteuer.von.Winnie.Pooh.1977.German.DL.Untouched.DVD9
2013-07-14 14:54 - 2012-10-28 02:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-08 22:24 - 2012-10-30 22:58 - 00000000 ____D C:\Program Files\CCleaner
2013-07-08 22:21 - 2012-10-28 02:16 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-08 20:51 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-01 21:25 - 2013-07-01 21:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-01 21:25 - 2012-10-28 01:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-01 21:09 - 2013-07-01 21:09 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 21:09 - 2013-07-01 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 21:09 - 2013-07-01 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 21:09 - 2013-01-22 22:47 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 21:09 - 2013-01-22 22:47 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 21:06 - 2013-07-01 21:06 - 00000000 ____D C:\Users\Xplosion\AppData\Local\NVIDIA
2013-07-01 21:01 - 2012-10-28 01:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-29 10:38 - 2012-10-27 23:32 - 00001405 _____ C:\Users\Xplosion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-29 10:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-27 22:24 - 2013-06-27 22:24 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-06-27 22:24 - 2013-06-27 22:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-27 22:24 - 2013-06-27 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-27 22:24 - 2013-06-27 22:24 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-27 22:24 - 2013-06-27 22:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-06-27 22:24 - 2013-06-27 22:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:23 - 2013-06-27 22:23 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-27 22:23 - 2013-06-27 22:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-24 21:34 - 2012-10-28 01:57 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-06-24 21:30 - 2012-10-31 22:13 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-24 21:30 - 2012-10-31 22:12 - 00268952 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 16:47

==================== End Of Log ============================
         


Attached is a screenshot of what appears when I close Kaspersky. Is it normal to have all these network connections?

Regards, Xplosion

Alt 25.07.2013, 08:27   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Not normally. Uninstall KAV and reinstall it.


Please download Farbar's MiniToolBox to your desktop and start the tool.

Tick the following entries:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the contents of Result.txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 25.07.2013, 19:41   #15
Xplosion
 



Here is the log:


Quote:
MiniToolBox by Farbar Version: 13-07-2013
Ran by Xplosion (administrator) on 25-07-2013 at 19:40:12
Running from "C:\Users\Xplosion\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Drahtlosnetzwerkverbindung (Connected)
Marvell Yukon 88E8056 PCI-E-Gigabit-Ethernet-Controller = LAN-Verbindung 2 (Hardware not present)
Realtek RTL8169/8110-Familie-PCI-Gigabit-Ethernet-NIC (NDIS 6.20) = LAN-Verbindung (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Drahtlosnetzwerkverbindung 2 (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : Xplosion-PC
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : fritz.box

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physikalische Adresse . . . . . . : 00-15-AF-64-EF-6E
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physikalische Adresse . . . . . . : 00-15-AF-64-EF-6E
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::9c90:8ea6:9450:ad0d%13(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.178.21(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Donnerstag, 25. Juli 2013 19:30:51
Lease läuft ab. . . . . . . . . . : Sonntag, 4. August 2013 19:37:29
Standardgateway . . . . . . . . . : 192.168.178.1
DHCP-Server . . . . . . . . . . . : 192.168.178.1
DHCPv6-IAID . . . . . . . . . . . : 385881519
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-18-1E-08-F0-00-1F-C6-0B-21-B5
DNS-Server . . . . . . . . . . . : 192.168.178.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Realtek RTL8169/8110-Familie-PCI-Gigabit-Ethernet-NIC (NDIS 6.20)
Physikalische Adresse . . . . . . : 00-1F-C6-0B-21-B5
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.fritz.box:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 4:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:18f4:11a0:a86b:be1(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::18f4:11a0:a86b:be1%12(Bevorzugt)
Standardgateway . . . . . . . . . : ::
NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Server: fritz.box
Address: 192.168.178.1

Name: google.com
Addresses: 2a00:1450:4001:c02::8a
173.194.70.101
173.194.70.113
173.194.70.139
173.194.70.100
173.194.70.138
173.194.70.102


Ping wird ausgeführt für google.com [173.194.70.101] mit 32 Bytes Daten:
Antwort von 173.194.70.101: Bytes=32 Zeit=32ms TTL=50
Antwort von 173.194.70.101: Bytes=32 Zeit=30ms TTL=50

Ping-Statistik für 173.194.70.101:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 30ms, Maximum = 32ms, Mittelwert = 31ms
Server: fritz.box
Address: 192.168.178.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Ping wird ausgeführt für yahoo.com [98.138.253.109] mit 32 Bytes Daten:
Antwort von 98.138.253.109: Bytes=32 Zeit=156ms TTL=53
Antwort von 98.138.253.109: Bytes=32 Zeit=157ms TTL=52

Ping-Statistik für 98.138.253.109:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 156ms, Maximum = 157ms, Mittelwert = 156ms

Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik für 127.0.0.1:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
15...00 15 af 64 ef 6e ......Microsoft Virtual WiFi Miniport Adapter
13...00 15 af 64 ef 6e ......Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
10...00 1f c6 0b 21 b5 ......Realtek RTL8169/8110-Familie-PCI-Gigabit-Ethernet-NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.21 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
192.168.178.0 255.255.255.0 Auf Verbindung 192.168.178.21 281
192.168.178.21 255.255.255.255 Auf Verbindung 192.168.178.21 281
192.168.178.255 255.255.255.255 Auf Verbindung 192.168.178.21 281
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.178.21 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.178.21 281
===========================================================================
Ständige Routen:
Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
12 58 ::/0 Auf Verbindung
1 306 ::1/128 Auf Verbindung
12 58 2001::/32 Auf Verbindung
12 306 2001:0:5ef5:79fd:18f4:11a0:a86b:be1/128
Auf Verbindung
13 281 fe80::/64 Auf Verbindung
12 306 fe80::/64 Auf Verbindung
12 306 fe80::18f4:11a0:a86b:be1/128
Auf Verbindung
13 281 fe80::9c90:8ea6:9450:ad0d/128
Auf Verbindung
1 306 ff00::/8 Auf Verbindung
12 306 ff00::/8 Auf Verbindung
13 281 ff00::/8 Auf Verbindung
===========================================================================
Ständige Routen:
Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2013 09:27:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 09:27:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 09:27:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 08:46:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 06:47:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 05:58:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 05:57:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2013 05:55:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/25/2013 07:36:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/25/2013 07:30:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2013 05:52:52 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (07/24/2013 09:27:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 09:27:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 09:27:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 08:46:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/24/2013 06:47:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 05:58:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 05:57:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe

Error: (07/24/2013 05:55:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Xplosion\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2013-07-24 21:27:03.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-24 21:27:03.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-24 21:27:03.763
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-24 21:27:03.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-24 21:27:03.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-24 21:27:03.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-23 16:54:40.134
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 16:54:40.072
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-22 18:23:24.856
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-22 18:23:24.856
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


=========================== Installed Programs ============================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AIMP3 (Version: v3.50.1277, 19.06.2013)
Brother MFL-Pro Suite MFC-J5910DW (Version: 1.0.5.0)
CCleaner (Version: 4.03)
CDBurnerXP (Version: 4.5.0.3717)
DAEMON Tools Lite (Version: 4.45.4.0316)
ElsterFormular (Version: 14.0.0.10899)
FIFA 13 (Version: 1.8.0.0)
FreePDF (Remove only)
GPL Ghostscript (Version: 9.04)
IrfanView (remove only) (Version: 4.35)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 12.16 (Version: 12.16.1860)
Origin (Version: 9.2.1.4399)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
Pidgin (Version: 2.10.6)
RedMon - Redirection Port Monitor
Scansoft PDF Professional
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 8191.11 MB
Available physical RAM: 6721.56 MB
Total Pagefile: 16380.41 MB
Available Pagefile: 14829.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:302.83 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\XPLOSION-PC

Administrator Gast UpdatusUser
Xplosion
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
