| |
| |||||||
Log-Analyse und Auswertung: loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.03.2014, 18:27
| #1 |
| |  loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt Seit einem Usenet.nl download gestern abend taucht immer wieder ein Fenster auf, das besagt, dass diese Version der Datei nicht mit der ausgeführten Windowsversion kompatibel ist. Das Programm kann wohl nicht starten und damit auch keinen Schaden anrichten. Es liegt unter c:\users.....\appdata\roaming Allerdings erscheint es nach jedem Löschen wieder neu und erzählzt die gleiche Geschichte wie oben beschrieben.  Gesichert ist mein System mit Trend Micro Titanium Maximun Security (kein Fund angezeigt) Habe bereits MalwareBytes über die Platte laufen lassen, keine Threads... Meine Frage ist jetzt, wo sich die Quelldatei versteckt, die die loadit.exe immer wieder re-animiert. Hier die notwendigen Logs: FRST.LOG Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014 Ran by Marten (ATTENTION: The logged in user is not administrator) on DRACONIS7 on 04-03-2014 18:06:32 Running from C:\Users\Marten\Downloads Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Spotify Ltd) C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Dell) C:\Users\Marten\AppData\Local\Apps\2.0\NK0CTZP8.AGW\6OK15EXD.KCA\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\ Extreme Torture Tits Needles Torture 3.exe (Dropbox, Inc.) C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Facebook) C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.) HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [326760 2011-05-21] (NVIDIA Corporation) HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [2080768 2009-08-23] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF6 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [451072 2013-12-05] (IVT Corporation) HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM\...\RunOnce: [DCERegBootClean64] - C:\Windows\RegBootClean64.exe [238128 2014-03-03] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Spotify Web Helper] - C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DellSystemDetect] - C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Facebook Update] - C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-27] (Facebook Inc.) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {780920ab-3310-11e3-b9e8-001c23543895} - H:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe Lsa: [Notification Packages] scecli IVTCredentialProvider Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk ShortcutTarget: AutoStarter.lnk -> C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\ Extreme Torture Tits Needles Torture 3.exe () Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG4200 series Printer.lnk ShortcutTarget: Canon IJ Status Monitor Canon MG4200 series Printer.lnk -> C:\Users\Marten\CNMSSC~1.DLL,SMStarterEntryPoint CNBJNP_180CACF31932;Canon MG4200 series Printer;cnmss Canon MG4200 series Printer (Local).dll;Canon IJ Status Monitor Canon MG4200 series Printer.lnk (No File) Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67E81BD1A27DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{43984D79-143C-4611-A099-09FB894FA2AE}: [NameServer]85.214.20.141,213.73.91.35 FireFox: ======== FF ProfilePath: C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Marten\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF Extension: Garmin Communicator - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-26] FF Extension: EPUBReader - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-03-01] FF Extension: DownloadHelper - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-27] FF Extension: Ghostery - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\firefox@ghostery.com.xpi [2014-02-27] FF Extension: Download YouTube Videos as MP4 - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-27] FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-07-10] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [] FF HKLM-x32\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2013-12-25] FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21] Chrome: ======= CHR Extension: (Google Drive) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20] CHR Extension: (TrendMicro BEP Extension) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-09-19] CHR Extension: (TrendMicro Toolbar) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-09-19] CHR Extension: (Ghostery) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-27] CHR Extension: (Google Wallet) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2013-12-04] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Marten\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-20] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-07-10] ==================== Services (Whitelisted) ================= R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3214216 2013-12-06] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2013-12-05] (IVT Corporation) R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [266752 2013-12-04] (IVT Corporation) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.) R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) R2 TorchCrashHandler; C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205760 2013-12-21] (TorchMedia Inc.) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation) S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.) S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.) R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-10] (DT Soft Ltd) R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.) R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.) R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.) R1 NvtSp50; C:\Windows\System32\DRIVERS\NvtSp50.sys [27648 2008-06-10] (Printing Novatel Wireless Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-04 18:06 - 2014-03-04 18:07 - 00024538 _____ () C:\Users\Marten\Downloads\FRST.txt 2014-03-04 18:06 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST 2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe 2014-03-03 22:39 - 2014-03-03 23:10 - 00024088 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe 2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-03 22:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb 2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb 2014-03-03 22:10 - 2014-03-03 22:39 - 00004056 _____ () C:\Windows\RegBootClean64.CFG 2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb 2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb 2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb 2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub 2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx 2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip 2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe 2014-02-26 21:24 - 2012-03-26 05:00 - 00105472 _____ (CANON INC.) C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll 2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-02-23 18:52 - 2014-02-23 18:53 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk 2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub 2014-02-23 15:21 - 2014-02-23 15:22 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub 2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof 2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk 2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc 2014-02-17 20:47 - 2014-03-04 17:07 - 00002121 _____ () C:\Windows\setupact.log 2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-17 20:46 - 2014-03-04 17:07 - 00002558 _____ () C:\Windows\PFRO.log 2014-02-15 21:30 - 2014-02-15 21:31 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk 2014-02-15 21:26 - 2014-02-15 21:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-02-15 21:09 - 2014-02-15 21:26 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk 2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe 2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip 2014-02-13 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-13 03:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 03:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 03:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-13 03:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 03:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-13 03:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-13 03:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 03:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-13 03:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 03:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 03:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-13 03:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-13 03:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-13 03:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-13 03:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 03:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-13 03:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 03:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-13 03:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-13 03:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-13 03:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 03:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 03:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-13 03:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 03:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-13 03:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-13 03:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-13 03:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-13 03:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-13 03:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 03:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 03:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 03:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-13 03:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-13 03:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 03:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-13 03:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-13 03:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-13 03:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 22:59 - 2014-02-18 23:27 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-02-12 15:57 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 15:57 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 15:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 15:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 15:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 15:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 14:50 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 14:50 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 14:50 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 14:50 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 14:50 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 12:57 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 12:57 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 12:57 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 12:57 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim 2014-02-11 23:13 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix 2014-02-11 23:13 - 2014-02-11 23:16 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd 2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk 2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe 2014-02-11 17:20 - 2014-02-11 17:22 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar 2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc 2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-02-05 16:21 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-05 16:21 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-02-05 16:21 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-02-05 16:21 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-02-05 16:20 - 2014-02-05 16:21 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt 2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt 2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution 2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution 2014-02-04 18:32 - 2014-02-27 22:27 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype 2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype 2014-02-04 18:31 - 2014-02-11 18:42 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-04 18:31 - 2014-02-11 18:42 - 00000000 ____D () C:\ProgramData\Skype 2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-02 15:45 - 2014-02-02 15:47 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-02 15:43 - 2014-02-16 22:30 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-02 13:23 - 2014-02-02 13:26 - 00000000 ____D () C:\Users\Admin\.JBinUp ==================== One Month Modified Files and Folders ======= 2014-03-04 18:07 - 2014-03-04 18:06 - 00024538 _____ () C:\Users\Marten\Downloads\FRST.txt 2014-03-04 18:06 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST 2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe 2014-03-04 18:01 - 2013-12-27 23:03 - 00000000 ___RD () C:\Users\Marten\Dropbox 2014-03-04 18:01 - 2013-12-27 22:59 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Dropbox 2014-03-04 17:48 - 2013-08-12 20:55 - 00000000 ___RD () C:\Users\Marten\Google Drive 2014-03-04 17:47 - 2013-07-10 20:01 - 01100540 _____ () C:\Windows\WindowsUpdate.log 2014-03-04 17:43 - 2013-07-17 07:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\vlc 2014-03-04 17:30 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Media Player Classic 2014-03-04 17:27 - 2013-07-25 16:14 - 00000000 ____D () C:\Users\Marten\AppData\Local\Deployment 2014-03-04 17:25 - 2013-08-12 20:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-04 17:24 - 2013-08-12 20:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-04 17:11 - 2013-09-24 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-04 17:08 - 2013-12-09 10:22 - 00001197 _____ () C:\Windows\SysWOW64\bscs.ini 2014-03-04 17:08 - 2013-10-02 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler 2014-03-04 17:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 17:07 - 2014-02-17 20:47 - 00002121 _____ () C:\Windows\setupact.log 2014-03-04 17:07 - 2014-02-17 20:46 - 00002558 _____ () C:\Windows\PFRO.log 2014-03-04 17:07 - 2013-09-16 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-04 16:49 - 2013-08-27 21:43 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job 2014-03-04 02:00 - 2013-09-19 18:42 - 00000000 ____D () C:\Users\Marten\AppData\Local\Adobe 2014-03-03 23:10 - 2014-03-03 22:39 - 00024088 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe 2014-03-03 22:48 - 2013-08-27 21:43 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job 2014-03-03 22:39 - 2014-03-03 22:10 - 00004056 _____ () C:\Windows\RegBootClean64.CFG 2014-03-03 22:39 - 2013-07-10 20:53 - 00238128 _____ () C:\Windows\RegBootClean64.exe 2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-03 22:29 - 2013-07-10 20:20 - 00000000 ____D () C:\Users\Admin 2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-03 22:28 - 2014-01-12 11:52 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Usenet.nl 2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb 2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb 2014-03-03 22:10 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-03 22:03 - 2013-03-12 20:24 - 00000000 ____D () C:\Windows\Panther 2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb 2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb 2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb 2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb 2014-03-03 21:16 - 2013-07-10 22:56 - 00000000 ____D () C:\Users\Marten\Documents\Outlook-Dateien 2014-03-02 21:54 - 2014-01-14 19:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-03-02 21:54 - 2013-07-10 22:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader v2.0 2014-03-02 19:58 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-03-02 19:58 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-03-02 19:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-02 19:54 - 2013-09-07 11:53 - 00000600 _____ () C:\Users\Marten\AppData\Roaming\winscp.rnd 2014-03-02 16:58 - 2013-08-12 18:56 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\MyPhoneExplorer 2014-03-02 14:44 - 2013-07-25 15:50 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\KeePass 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub 2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx 2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip 2014-02-27 22:27 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype 2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe 2014-02-27 17:45 - 2013-09-13 11:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment 2014-02-27 03:22 - 2013-07-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-27 03:03 - 2013-03-12 20:39 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-26 21:26 - 2014-01-21 21:22 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Canon 2014-02-26 21:24 - 2013-07-10 20:05 - 00000000 ____D () C:\Users\Marten 2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-02-24 23:33 - 2013-12-25 23:45 - 00000000 ____D () C:\Users\Marten\AppData\Local\bluesoleil 2014-02-24 23:14 - 2013-12-25 23:45 - 00006176 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-02-24 23:14 - 2013-12-25 23:45 - 00000101 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-02-23 18:53 - 2014-02-23 18:52 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk 2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub 2014-02-23 15:22 - 2014-02-23 15:21 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub 2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof 2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk 2014-02-21 20:12 - 2013-07-11 17:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 20:12 - 2013-07-11 17:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 17:45 - 2013-07-10 22:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\DAEMON Tools Lite 2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc 2014-02-18 23:27 - 2014-02-12 22:59 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-16 22:36 - 2013-07-13 11:05 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-02-16 22:30 - 2014-02-02 15:43 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-16 22:28 - 2013-12-16 20:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro 2014-02-15 23:04 - 2013-07-15 18:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Spotify 2014-02-15 22:17 - 2013-07-15 18:40 - 00000000 ____D () C:\Users\Marten\AppData\Local\Spotify 2014-02-15 21:31 - 2014-02-15 21:30 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk 2014-02-15 21:27 - 2014-02-15 21:26 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-02-15 21:26 - 2014-02-15 21:09 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk 2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe 2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT 2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip 2014-02-14 16:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-13 19:01 - 2013-07-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-02-13 18:21 - 2013-07-23 17:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\XnView 2014-02-13 04:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 03:28 - 2014-01-31 20:19 - 05036800 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-13 03:10 - 2013-07-10 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 03:05 - 2009-07-14 03:34 - 00000551 _____ () C:\Windows\win.ini 2014-02-12 23:00 - 2013-07-13 12:29 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\TeamViewer 2014-02-12 22:59 - 2013-07-13 11:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-02-12 15:40 - 2014-01-17 23:12 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\tor 2014-02-11 23:38 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix 2014-02-11 23:16 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim 2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk 2014-02-11 18:42 - 2014-02-04 18:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-11 18:42 - 2014-02-04 18:31 - 00000000 ____D () C:\ProgramData\Skype 2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe 2014-02-11 17:22 - 2014-02-11 17:20 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar 2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc 2014-02-08 20:52 - 2013-09-07 15:27 - 00000000 ____D () C:\ProgramData\Package Cache 2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\ProgramData\Garmin 2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-02-06 13:16 - 2014-02-13 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 13:11 - 2013-07-25 16:18 - 00000000 ____D () C:\ProgramData\PCDr 2014-02-06 13:11 - 2013-07-25 16:17 - 00000000 ____D () C:\Program Files\My Dell 2014-02-06 12:30 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 12:30 - 2014-02-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-13 03:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 12:07 - 2014-02-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 12:06 - 2014-02-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 11:56 - 2014-02-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 11:52 - 2014-02-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 11:49 - 2014-02-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-13 03:03 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 11:11 - 2014-02-13 03:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 11:01 - 2014-02-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-13 03:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-13 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:52 - 2014-02-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-13 03:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-13 03:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-13 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 10:22 - 2014-02-13 03:03 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 10:13 - 2014-02-13 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-13 03:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-13 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-13 03:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:41 - 2014-02-13 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-13 03:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-05 16:21 - 2014-02-05 16:20 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-05 16:21 - 2013-07-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-04 22:42 - 2013-07-11 17:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-02-04 22:26 - 2013-12-31 16:39 - 00001734 _____ () C:\Windows\SysWOW64\SHORTCUT.INI 2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt 2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt 2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution 2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution 2014-02-04 19:09 - 2013-03-12 21:48 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype 2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-03 17:23 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-03 16:50 - 2013-12-31 16:39 - 00000289 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2014-02-02 15:47 - 2014-02-02 15:45 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-02 15:42 - 2013-07-11 19:38 - 00000000 ____D () C:\Users\Downloader 2014-02-02 13:26 - 2014-02-02 13:23 - 00000000 ____D () C:\Users\Admin\.JBinUp Files to move or delete: ==================== C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by Marten at 2014-03-04 18:08:08
Running from C:\Users\Marten\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Altap Salamander 2.52 (HKLM-x32\...\Altap Salamander 2.52) (Version: 2.52 - ALTAP)
BlueSoleil 10.0.470.0 (HKLM\...\{A2564C04-D65E-47FA-B611-128627C060C2}) (Version: 10.0.470.0 - IVT Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.6.2 - Dell)
Dell Mobile Broadband Utility (HKLM-x32\...\Dell Mobile Broadband Utility) (Version: 3.00.25.003 - Novatel Wireless)
Dell Mobile Broadband Utility (x32 Version: 3.00.25.003 - Novatel Wireless Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EasyGPS 4.93.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 4.93.0.0 - TopoGrafix)
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FlashFXP (HKLM-x32\...\FlashFXP) (Version: 4.3.1.1960 - OpenSight Software LLC)
Garmin Express (HKLM-x32\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}) (Version: 1.0.19.76 - Google)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.0 - Heiko Schröder)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NfoDiz 6.0 Setup (HKLM-x32\...\NfoDiz 6.0 Setup) (Version: 6.0 - Cristian Zaharia)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Nuance PDF Professional 6 (HKLM\...\{A39BDD06-3F65-43B7-8C85-28FDC6F0982C}) (Version: 6.00.6401 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9716 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7533 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden
One-click FLAC to MP3 Converter (x64 add-on) (HKLM\...\{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}) (Version: 4.3.0 - Streamware Development)
Opera Stable 19.0.1326.63 (HKCU\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Passware Kit Professional 12.3 (HKLM-x32\...\{FFFF4FFA-3CC9-4EC1-845A-8B24027820E3}) (Version: 12.3.6332 - Passware)
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)
PHPEdit 5.0.0 (HKLM-x32\...\PHPEdit) (Version: 5.0.0 - WaterProof SARL)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.14 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SigmaTel Audio (HKLM-x32\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
UnLock Root Pro 4.12 (HKLM-x32\...\UnLock Root Pro) (Version: 4.12 - Unlcokroot)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - )
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.1 - Nikon)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX Free WMV to AVI Converter 2.0.5 (HKLM-x32\...\WinX Free WMV to AVI Converter_is1) (Version: - Digiarty Software,Inc.)
Wireshark 1.10.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XMedia Recode Version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)
XnView 2.04 (HKLM-x32\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-02-08 12:09 - 00001414 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.retdube.net
127.0.0.1 www.retdube.com
127.0.0.1 retdube.net
127.0.0.1 retdube.com
127.0.0.1 movfile.net
127.0.0.1 trafficholder.com
127.0.0.1 www.trafficholder.com
127.0.0.1 www.pornup.me
127.0.0.1 optimizely.com
127.0.0.1 yieldlab.net
127.0.0.1 doubleclick.net
127.0.0.1 wunderloop.net
127.0.0.1 plista.com
127.0.0.1 chartbeat.com
127.0.0.1 ligatus.com
127.0.0.1 xing-share.com
127.0.0.1 agitos.de
127.0.0.1 cloudfront.net
127.0.0.1 nuggad.com
127.0.0.1 intellitxt.com
127.0.0.1 webtrekk.net
127.0.0.1 krxd.net
127.0.0.1 llnwd.net
127.0.0.1 adition.com
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job => C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job => C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2013-07-10 20:43 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-07-10 20:43 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2014-03-03 21:55 - 2014-03-02 23:56 - 81646269 _____ () C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\ Extreme Torture Tits Needles Torture 3.exe
2013-12-04 18:19 - 2013-12-04 18:19 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2013-07-26 07:58 - 2011-10-26 16:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-09-15 02:56 - 2009-09-15 02:56 - 00167936 _____ () D:\Program Files (x86)\File Renamer Turbo\shell.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:8E55808C
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2014 05:29:54 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3920700807-174084792-717808922-1000}/">.
Error: (03/04/2014 05:28:17 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7d0
Startzeit: 01cf37c6554fab27
Endzeit: 140
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: f84f68f8-a3b9-11e3-923b-001c23543895
Error: (03/04/2014 05:09:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 04:49:58 PM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 01:49:58 PM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 10:50:18 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 07:50:21 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 04:52:13 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2
Error: (03/04/2014 00:31:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (03/04/2014 00:31:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
System errors:
=============
Error: (03/03/2014 09:21:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Samsung AllShare PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/03/2014 09:21:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Samsung AllShare PC erreicht.
Error: (02/26/2014 07:53:12 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (02/26/2014 07:53:11 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (02/26/2014 07:53:10 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (02/26/2014 06:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/26/2014 06:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/26/2014 06:05:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/25/2014 04:44:53 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (02/25/2014 04:44:53 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Microsoft Office Sessions:
=========================
Error: (03/04/2014 05:29:54 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3920700807-174084792-717808922-1000}/
Error: (03/04/2014 05:28:17 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175677d001cf37c6554fab27140C:\Windows\Explorer.EXEf84f68f8-a3b9-11e3-923b-001c23543895
Error: (03/04/2014 05:09:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 04:49:58 PM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 01:49:58 PM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 10:50:18 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 07:50:21 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2014 04:52:13 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2
Error: (03/04/2014 00:31:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ivt corporation\bluesoleil\MAP_BsSMSEditor.exe
Error: (03/04/2014 00:31:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ivt corporation\bluesoleil\BsSMSEditor.exe
CodeIntegrity Errors:
===================================
Date: 2014-02-24 18:27:41.263
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\daa31c31e88b2dd22a0fa0\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 07:24:31.364
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 07:19:02.060
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 07:08:11.436
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 07:01:51.976
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 06:56:19.427
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 06:50:09.175
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 06:00:46.418
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-12 05:21:15.246
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-11 18:06:23.391
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 4093.96 MB
Available physical RAM: 1832.55 MB
Total Pagefile: 8186.1 MB
Available Pagefile: 5478.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:102.17 GB) (Free:48.97 GB) NTFS
Drive d: (Laufwerk) (Fixed) (Total:363.49 GB) (Free:201.9 GB) NTFS
Drive g: (WIN7) (CDROM) (Total:4 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
04.03.2014, 18:37
| #2 |
| /// the machine /// TB-Ausbilder    | loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt Hi,
__________________FRST bitte nochmal. Unsere Tools brauchen immer Adminrechte.
__________________ |
|
04.03.2014, 18:51
| #3 |
| | loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt Als Admin ausgeführt, ok so?
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014 Ran by Admin (administrator) on DRACONIS7 on 04-03-2014 18:50:32 Running from C:\Users\Marten\Downloads Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TorchMedia Inc.) C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Spotify Ltd) C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Dell) C:\Users\Marten\AppData\Local\Apps\2.0\NK0CTZP8.AGW\6OK15EXD.KCA\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\ Extreme Torture Tits Needles Torture 3.exe (Dropbox, Inc.) C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Facebook) C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.) HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [326760 2011-05-21] (NVIDIA Corporation) HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [2080768 2009-08-23] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF6 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [451072 2013-12-05] (IVT Corporation) HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM\...\RunOnce: [DCERegBootClean64] - C:\Windows\RegBootClean64.exe [238128 2014-03-03] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Spotify Web Helper] - C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DellSystemDetect] - C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Facebook Update] - C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-27] (Facebook Inc.) HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {780920ab-3310-11e3-b9e8-001c23543895} - H:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [DellSystemDetect] - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6087448 2014-01-21] (Piriform Ltd) HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe Lsa: [Notification Packages] scecli IVTCredentialProvider Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk ShortcutTarget: AutoStarter.lnk -> C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\ Extreme Torture Tits Needles Torture 3.exe () Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG4200 series Printer.lnk ShortcutTarget: Canon IJ Status Monitor Canon MG4200 series Printer.lnk -> C:\Users\Marten\CNMSSC~1.DLL,SMStarterEntryPoint CNBJNP_180CACF31932;Canon MG4200 series Printer;cnmss Canon MG4200 series Printer (Local).dll;Canon IJ Status Monitor Canon MG4200 series Printer.lnk (No File) Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67E81BD1A27DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{43984D79-143C-4611-A099-09FB894FA2AE}: [NameServer]85.214.20.141,213.73.91.35 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Garmin Communicator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-14] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-10] FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-07-10] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [] FF HKLM-x32\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2013-12-25] FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21] FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21] Chrome: ======= CHR Extension: (TrendMicro BEP Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-11-30] CHR Extension: (TrendMicro Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-11-30] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2013-12-04] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-07-10] ==================== Services (Whitelisted) ================= R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3214216 2013-12-06] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2013-12-05] (IVT Corporation) R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [266752 2013-12-04] (IVT Corporation) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.) R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) R2 TorchCrashHandler; C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205760 2013-12-21] (TorchMedia Inc.) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation) S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.) S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.) R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-10] (DT Soft Ltd) R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.) R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.) R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.) R1 NvtSp50; C:\Windows\System32\DRIVERS\NvtSp50.sys [27648 2008-06-10] (Printing Novatel Wireless Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-04 18:18 - 2014-03-04 18:18 - 00110176 _____ () C:\Users\Marten\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-04 18:08 - 2014-03-04 18:08 - 00045931 _____ () C:\Users\Marten\Downloads\Addition.txt 2014-03-04 18:06 - 2014-03-04 18:50 - 00026640 _____ () C:\Users\Marten\Downloads\FRST.txt 2014-03-04 18:06 - 2014-03-04 18:50 - 00000000 ____D () C:\FRST 2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe 2014-03-03 22:39 - 2014-03-04 18:17 - 00024089 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe 2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-03 22:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb 2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb 2014-03-03 22:11 - 2014-03-03 22:11 - 00003062 _____ () C:\Windows\System32\Tasks\{C6524D39-E9B8-48CB-A29C-BE2DB6DD7229} 2014-03-03 22:10 - 2014-03-03 22:39 - 00004056 _____ () C:\Windows\RegBootClean64.CFG 2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb 2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb 2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb 2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub 2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx 2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip 2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe 2014-02-26 21:24 - 2012-03-26 05:00 - 00105472 _____ (CANON INC.) C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll 2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-02-23 18:52 - 2014-02-23 18:53 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk 2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub 2014-02-23 15:21 - 2014-02-23 15:22 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub 2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof 2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk 2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc 2014-02-17 20:47 - 2014-03-04 17:07 - 00002121 _____ () C:\Windows\setupact.log 2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-17 20:46 - 2014-03-04 17:07 - 00002558 _____ () C:\Windows\PFRO.log 2014-02-15 21:30 - 2014-02-15 21:31 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk 2014-02-15 21:26 - 2014-02-15 21:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-02-15 21:09 - 2014-02-15 21:26 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk 2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe 2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip 2014-02-13 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-13 03:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 03:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 03:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-13 03:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 03:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-13 03:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-13 03:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 03:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-13 03:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 03:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 03:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-13 03:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-13 03:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-13 03:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-13 03:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 03:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-13 03:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 03:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-13 03:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-13 03:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-13 03:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 03:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 03:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-13 03:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 03:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-13 03:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-13 03:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-13 03:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-13 03:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-13 03:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 03:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 03:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 03:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-13 03:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-13 03:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 03:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-13 03:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-13 03:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-13 03:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 22:59 - 2014-02-18 23:27 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-02-12 15:57 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 15:57 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 15:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 15:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 15:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 15:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 14:50 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 14:50 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 14:50 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 14:50 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 14:50 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 14:50 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 14:50 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 12:57 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 12:57 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 12:57 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 12:57 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim 2014-02-11 23:13 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix 2014-02-11 23:13 - 2014-02-11 23:16 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd 2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk 2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe 2014-02-11 17:20 - 2014-02-11 17:22 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar 2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc 2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-02-05 16:21 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-05 16:21 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-02-05 16:21 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-02-05 16:21 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-02-05 16:20 - 2014-02-05 16:21 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt 2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt 2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution 2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution 2014-02-04 18:32 - 2014-02-27 22:27 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype 2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype 2014-02-04 18:31 - 2014-02-11 18:42 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-04 18:31 - 2014-02-11 18:42 - 00000000 ____D () C:\ProgramData\Skype 2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-02 15:45 - 2014-02-02 15:47 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-02 15:45 - 2014-02-02 15:45 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-02 15:43 - 2014-02-16 22:30 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-02 13:23 - 2014-02-02 13:26 - 00000000 ____D () C:\Users\Admin\.JBinUp ==================== One Month Modified Files and Folders ======= 2014-03-04 18:50 - 2014-03-04 18:06 - 00026640 _____ () C:\Users\Marten\Downloads\FRST.txt 2014-03-04 18:50 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST 2014-03-04 18:27 - 2013-08-12 20:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-04 18:18 - 2014-03-04 18:18 - 00110176 _____ () C:\Users\Marten\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-04 18:17 - 2014-03-03 22:39 - 00024089 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe 2014-03-04 18:11 - 2013-09-24 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-04 18:09 - 2013-07-10 22:56 - 00000000 ____D () C:\Users\Marten\Documents\Outlook-Dateien 2014-03-04 18:08 - 2014-03-04 18:08 - 00045931 _____ () C:\Users\Marten\Downloads\Addition.txt 2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe 2014-03-04 18:01 - 2013-12-27 23:03 - 00000000 ___RD () C:\Users\Marten\Dropbox 2014-03-04 18:01 - 2013-12-27 22:59 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Dropbox 2014-03-04 17:48 - 2013-08-12 20:55 - 00000000 ___RD () C:\Users\Marten\Google Drive 2014-03-04 17:47 - 2013-07-10 20:01 - 01100635 _____ () C:\Windows\WindowsUpdate.log 2014-03-04 17:43 - 2013-07-17 07:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\vlc 2014-03-04 17:30 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Media Player Classic 2014-03-04 17:27 - 2013-07-25 16:14 - 00000000 ____D () C:\Users\Marten\AppData\Local\Deployment 2014-03-04 17:25 - 2013-08-12 20:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-04 17:08 - 2013-12-09 10:22 - 00001197 _____ () C:\Windows\SysWOW64\bscs.ini 2014-03-04 17:08 - 2013-10-02 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler 2014-03-04 17:08 - 2013-08-07 15:12 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS 2014-03-04 17:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 17:07 - 2014-02-17 20:47 - 00002121 _____ () C:\Windows\setupact.log 2014-03-04 17:07 - 2014-02-17 20:46 - 00002558 _____ () C:\Windows\PFRO.log 2014-03-04 17:07 - 2013-09-16 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-04 16:49 - 2013-08-27 21:43 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job 2014-03-04 02:00 - 2013-09-19 18:42 - 00000000 ____D () C:\Users\Marten\AppData\Local\Adobe 2014-03-03 22:48 - 2013-08-27 21:43 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job 2014-03-03 22:39 - 2014-03-03 22:10 - 00004056 _____ () C:\Windows\RegBootClean64.CFG 2014-03-03 22:39 - 2013-07-10 20:53 - 00238128 _____ () C:\Windows\RegBootClean64.exe 2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-03 22:29 - 2013-07-10 20:20 - 00000000 ____D () C:\Users\Admin 2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-03 22:28 - 2014-01-12 11:52 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Usenet.nl 2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb 2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb 2014-03-03 22:11 - 2014-03-03 22:11 - 00003062 _____ () C:\Windows\System32\Tasks\{C6524D39-E9B8-48CB-A29C-BE2DB6DD7229} 2014-03-03 22:10 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-03 22:03 - 2013-03-12 20:24 - 00000000 ____D () C:\Windows\Panther 2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb 2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb 2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb 2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb 2014-03-02 21:54 - 2014-01-14 19:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-03-02 21:54 - 2013-07-10 22:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader v2.0 2014-03-02 19:58 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-03-02 19:58 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-03-02 19:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-02 19:54 - 2013-09-07 11:53 - 00000600 _____ () C:\Users\Marten\AppData\Roaming\winscp.rnd 2014-03-02 16:58 - 2013-08-12 18:56 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\MyPhoneExplorer 2014-03-02 14:44 - 2013-07-25 15:50 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\KeePass 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub 2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub 2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx 2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip 2014-02-27 22:27 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype 2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe 2014-02-27 17:45 - 2013-09-13 11:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment 2014-02-27 03:22 - 2013-07-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-27 03:03 - 2013-03-12 20:39 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-26 21:26 - 2014-01-21 21:22 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Canon 2014-02-26 21:24 - 2013-07-10 20:05 - 00000000 ____D () C:\Users\Marten 2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-02-24 23:33 - 2013-12-25 23:45 - 00000000 ____D () C:\Users\Marten\AppData\Local\bluesoleil 2014-02-24 23:14 - 2013-12-25 23:45 - 00006176 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-02-24 23:14 - 2013-12-25 23:45 - 00000101 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-02-23 18:53 - 2014-02-23 18:52 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk 2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub 2014-02-23 15:22 - 2014-02-23 15:21 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub 2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof 2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk 2014-02-21 20:13 - 2013-09-24 22:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 20:12 - 2013-07-11 17:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 20:12 - 2013-07-11 17:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 17:45 - 2013-07-10 22:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\DAEMON Tools Lite 2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc 2014-02-18 23:27 - 2014-02-12 22:59 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-16 22:36 - 2013-07-13 11:05 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-02-16 22:30 - 2014-02-02 15:43 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-16 22:28 - 2013-12-16 20:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro 2014-02-15 23:04 - 2013-07-15 18:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Spotify 2014-02-15 22:17 - 2013-07-15 18:40 - 00000000 ____D () C:\Users\Marten\AppData\Local\Spotify 2014-02-15 21:31 - 2014-02-15 21:30 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk 2014-02-15 21:27 - 2014-02-15 21:26 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-02-15 21:26 - 2014-02-15 21:09 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk 2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe 2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT 2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip 2014-02-14 16:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-13 19:01 - 2013-07-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-02-13 18:21 - 2013-07-23 17:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\XnView 2014-02-13 07:16 - 2013-08-12 20:52 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-13 07:16 - 2013-08-12 20:52 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-13 04:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 03:28 - 2014-01-31 20:19 - 05036800 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-13 03:10 - 2013-07-10 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 03:05 - 2009-07-14 03:34 - 00000551 _____ () C:\Windows\win.ini 2014-02-12 23:00 - 2013-07-13 12:29 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\TeamViewer 2014-02-12 22:59 - 2013-07-13 11:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-02-12 15:40 - 2014-01-17 23:12 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\tor 2014-02-11 23:38 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix 2014-02-11 23:16 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton 2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim 2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk 2014-02-11 18:42 - 2014-02-04 18:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-11 18:42 - 2014-02-04 18:31 - 00000000 ____D () C:\ProgramData\Skype 2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe 2014-02-11 17:22 - 2014-02-11 17:20 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar 2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc 2014-02-08 20:52 - 2013-09-07 15:27 - 00000000 ____D () C:\ProgramData\Package Cache 2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\ProgramData\Garmin 2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-02-06 13:16 - 2014-02-13 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 13:11 - 2013-07-25 16:18 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-02-06 13:11 - 2013-07-25 16:18 - 00000000 ____D () C:\ProgramData\PCDr 2014-02-06 13:11 - 2013-07-25 16:17 - 00000000 ____D () C:\Program Files\My Dell 2014-02-06 12:30 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 12:30 - 2014-02-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-13 03:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 12:07 - 2014-02-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 12:06 - 2014-02-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 11:56 - 2014-02-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 11:52 - 2014-02-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 11:49 - 2014-02-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-13 03:03 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 11:11 - 2014-02-13 03:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 11:01 - 2014-02-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-13 03:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-13 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:52 - 2014-02-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-13 03:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-13 03:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-13 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 10:22 - 2014-02-13 03:03 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 10:13 - 2014-02-13 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-13 03:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-13 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-13 03:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:41 - 2014-02-13 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-13 03:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-05 16:21 - 2014-02-05 16:20 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-05 16:21 - 2013-07-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-04 22:42 - 2013-07-11 17:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-02-04 22:26 - 2013-12-31 16:39 - 00001734 _____ () C:\Windows\SysWOW64\SHORTCUT.INI 2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution 2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt 2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt 2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution 2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution 2014-02-04 19:09 - 2013-03-12 21:48 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype 2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-03 17:23 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-03 16:50 - 2013-12-31 16:39 - 00000289 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2014-02-02 15:47 - 2014-02-02 15:45 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-02 15:45 - 2014-02-02 15:45 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-02 15:42 - 2013-07-11 19:38 - 00000000 ____D () C:\Users\Downloader 2014-02-02 13:26 - 2014-02-02 13:23 - 00000000 ____D () C:\Users\Admin\.JBinUp Files to move or delete: ==================== C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-28 15:30 ==================== End Of Log ============================ |
|
05.03.2014, 16:43
| #4 |
| /// the machine /// TB-Ausbilder | loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt Ja  Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.03.2014, 22:19
| #5 |
| | loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt Fehler gefunden, war keine Infektion... eine self-extract datei hatte sich beim auspacken irgendwie verheddert. Als Admin den Prozess gestoppt, Datei gelöscht  , alles gut!Vielen Dank für Eure Mühe!  Gruß \/essel |
|
06.03.2014, 19:45
| #6 |
| /// the machine /// TB-Ausbilder | loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt ok
__________________ --> loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt |
|
| Themen zu loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt |
| 4d36e972-e325-11ce-bfc1-08002be10318, canon, converter, cyberghost, defender, error, excel, failed, fehler, flash player, frage, google, inkompatibel, kein fund, lightning, loadit.exe, malware, malware / spyware / system care, monitor, mozilla, mp3, programm, realtek, registry, rundll, scan, security, services.exe, software, spotify web helper, starten, svchost.exe, system, teredo, usb, vista |
WARNUNG an die MITLESER: 
Linear-Darstellung
