Pests of all kinds and how to fight them: Constantly recurring malware detection "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe (Windows 7)
20.05.2014, 15:33 | #1 |
Hello,

I use Win7 64-bit Home Edition. My antivirus software is ZoneAlarm, and for malware protection I use SUPERAntiSpyware (free edition).

For several days ZoneAlarm has repeatedly been finding the following malware: Trojan.Win32.Vague.cg in C:\Windows\Temp\41560_updater.exe

ZoneAlarm always shows the problem as resolved and the file is in quarantine, but unfortunately this malware cannot be deleted for good and reappears after every restart.

Can anyone tell me how to remove it permanently? If possible, I would like to avoid reinstalling the system.
20.05.2014, 15:34 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
20.05.2014, 16:56 | #3 |
Hello Cosinus,

apart from the ZoneAlarm virus scanner, nothing raises an alert. I have already tried umpteen malware scanners; the free ones (Superspyware, SpyBot etc.) find nothing, though.

Unfortunately I do not have any older logs, or rather I cannot find them :-(

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Sascha (ATTENTION: The logged in user is not administrator) on SCHUSSEL on 20-05-2014 16:43:56 Running from C:\Users\Sascha\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (DAZ 3D, Inc) C:\DAZ 3D\DAZStudio3\DAZStudio.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73984 2013-01-02] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 SearchScopes: HKCU - DefaultScope {C454681D-3332-41BD-A463-285910563C27} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 SearchScopes: HKCU - {C454681D-3332-41BD-A463-285910563C27} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: TubeSaver-1 - {11111111-1111-1111-1111-110411151160} - C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-bho64.dll (YTSsaver) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: No Name - 
{11111111-1111-1111-1111-110411151160} - No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft 
Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) 
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: TubeSaver-1 - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default\Extensions\951bb5c8-a6ed-4af6-a53c-1d3eec03d6dd@b61ef5da-5b52-4500-a9b4-273eca044964.com [2014-05-20] FF Extension: German Dictionary - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-05-20] FF Extension: United States English Spellchecker - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-05-18] FF Extension: DVDVideoSoft Menu - 
C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010-05-22] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-26] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011-11-20] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-01-24] FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 [2013-01-12] FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 [2013-01-12] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare) S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 
2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-26] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.) 
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [43888 2008-02-22] (Roxio) R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41712 2008-02-22] (Roxio) R1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15864 2007-02-08] (Roxio) R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10096 2008-02-22] (Roxio) R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141296 2008-02-22] (Roxio) R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33904 2008-02-22] (Roxio) R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [17776 2008-02-22] (Roxio) R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39160 2007-02-08] (Roxio) R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136816 2008-02-22] (Roxio) R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [142832 2008-02-22] (Roxio) R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions) R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2007-02-09] (Roxio) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab) R3 nvvad_WaveExtensible; 
C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 TBPanel; No ImagePath R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-20 16:43 - 2014-05-20 16:44 - 00017821 _____ () C:\Users\Sascha\Desktop\FRST.txt 2014-05-20 16:43 - 2014-05-20 16:43 - 00000000 ____D () C:\FRST 2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe 2014-05-20 16:38 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe 2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel 2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log 2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV 2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV 2014-05-16 16:04 - 2014-05-16 18:51 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-05-16 15:59 - 2014-05-16 16:09 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2014-05-16 15:56 - 2014-05-19 18:33 - 00000000 ____D () C:\ProgramData\AAV 2014-05-16 00:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 00:40 - 2014-05-06 06:17 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-16 00:40 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 00:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 19:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 19:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 19:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 19:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 19:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 19:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) 
C:\Windows\system32\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 19:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 19:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-10 16:45 - 2014-05-16 14:54 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com 2014-05-09 15:31 - 2014-05-09 15:32 - 00000000 ____D () 
C:\Program Files\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00001808 _____ () C:\Users\Sascha\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-04 21:27 - 2014-05-04 21:18 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup 2014-05-04 21:18 - 2011-02-22 22:24 - 00430078 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-211817.backup 2014-05-04 19:38 - 2014-05-04 19:44 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-05-04 19:13 - 2014-05-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter 2014-05-03 14:38 - 2013-11-27 01:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-05-03 14:38 - 2013-11-27 00:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-05-03 14:32 - 2014-05-20 07:19 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-20 07:19 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log 2014-04-28 20:22 - 2014-04-28 20:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-04-28 20:22 - 2014-04-28 20:22 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-04-28 20:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat 2014-04-28 18:40 - 2014-05-04 19:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-04-28 18:40 - 2014-04-28 18:40 - 00002266 _____ () C:\Users\Sascha AD\Desktop\SpyHunter.lnk 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\sh4ldr 2014-04-28 18:40 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList 2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-26 09:03 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-26 09:03 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-26 08:56 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-26 08:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-26 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-26 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-26 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-26 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-26 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-26 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-04-26 08:43 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-04-26 08:43 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-04-26 08:43 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 
2014-04-26 08:43 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-04-26 08:43 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-04-26 08:43 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-26 08:41 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-26 08:41 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-26 08:41 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-26 08:41 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-26 08:41 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-26 08:30 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-26 08:30 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-26 08:30 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-04-26 08:30 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-04-26 08:30 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-04-26 08:30 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-04-26 08:30 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-04-26 08:30 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-26 08:30 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-04-26 08:29 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-26 08:29 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-26 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-26 08:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-26 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-26 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-26 08:29 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-26 08:29 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-26 08:29 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-26 08:29 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-26 08:29 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-26 08:29 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-26 08:29 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-26 08:29 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-26 08:29 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-26 08:29 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-26 08:29 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-26 08:29 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-04-26 08:29 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-26 08:29 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-04-26 08:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-26 08:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-26 08:29 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-04-26 08:29 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-04-26 08:29 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-04-26 08:29 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-04-26 08:29 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-04-26 08:29 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-04-26 08:29 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-04-26 08:29 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-26 08:29 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-26 08:29 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-04-26 08:29 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-26 08:29 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-04-26 08:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-26 08:28 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-26 08:28 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-26 08:28 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-26 08:28 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-26 08:28 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-26 08:28 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-26 08:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-26 08:28 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-26 08:28 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-26 08:28 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-04-26 08:28 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-04-26 08:28 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-26 08:28 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-04-26 08:28 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-04-26 08:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-04-26 08:28 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-26 08:28 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-26 08:28 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-04-26 08:28 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-04-26 08:28 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-26 08:28 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-04-26 08:28 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-04-26 08:28 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-04-26 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-26 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-26 08:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-26 08:26 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-26 08:26 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-04-26 08:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-04-26 08:11 - 2014-04-26 08:11 - 00000000 ____D () C:\Users\Sascha AD\Documents\ForceField Shared Files
2014-04-23 20:48 - 2014-04-27 07:29 - 00000000 ____D () C:\clrav
2014-04-22 23:42 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 23:42 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 23:42 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 23:42 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 23:42 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 23:42 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 23:42 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 23:42 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 23:42 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 23:42 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 23:42 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 23:42 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 23:42 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 23:42 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 23:42 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 23:42 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 23:42 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 23:42 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 23:42 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 23:42 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 23:42 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 23:42 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 23:42 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 23:42 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 23:42 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 23:42 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 23:42 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 23:42 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 23:42 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 23:42 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 23:42 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 23:42 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 23:42 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 23:42 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 23:42 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 23:42 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 23:42 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 23:42 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 23:42 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 23:42 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 23:42 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 23:42 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 23:42 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 23:42 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-20 16:44 - 2014-05-20 16:43 - 00017821 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-05-20 16:43 - 2014-05-20 16:43 - 00000000 ____D () C:\FRST
2014-05-20 16:43 - 2012-11-25 15:18 - 00000000 ____D () C:\DAZ 3D
2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe
2014-05-20 16:38 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-05-20 16:34 - 2012-04-18 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 15:38 - 2011-02-21 13:19 - 00125144 _____ () C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 15:13 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 15:13 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 15:13 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 14:16 - 2013-09-15 08:16 - 00001834 _____ () C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job
2014-05-20 14:16 - 2013-09-15 08:16 - 00001298 _____ () C:\Windows\Tasks\TubeSaver-1-updater.job
2014-05-20 14:16 - 2013-09-15 08:16 - 00001202 _____ () C:\Windows\Tasks\TubeSaver-1-codedownloader.job
2014-05-20 14:16 - 2013-09-15 08:16 - 00001102 _____ () C:\Windows\Tasks\TubeSaver-1-enabler.job
2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel
2014-05-20 12:27 - 2012-07-04 18:31 - 00000000 ____D () C:\Users\Sascha\.gimp-2.6
2014-05-20 12:27 - 2011-02-20 02:16 - 00000000 ____D () C:\Users\Sascha
2014-05-20 12:27 - 2008-09-04 18:35 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\gtk-2.0
2014-05-20 08:08 - 2014-04-05 15:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-20 08:08 - 2014-04-05 14:39 - 00000000 ____D () C:\ProgramData\Origin
2014-05-20 07:38 - 2011-02-20 01:12 - 01375026 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 07:19 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 07:19 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 07:10 - 2011-02-19 21:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 07:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 07:10 - 2009-07-14 06:51 - 00186640 _____ () C:\Windows\setupact.log
2014-05-19 19:07 - 2010-05-16 11:11 - 00000000 ____D () C:\Users\Sascha\Documents\Steuerfälle
2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log
2014-05-19 18:33 - 2014-05-16 15:56 - 00000000 ____D () C:\ProgramData\AAV
2014-05-19 15:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 20:26 - 2012-06-27 19:03 - 00000000 ____D () C:\Program Files (x86)\The Secret World
2014-05-18 20:26 - 2011-08-10 20:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client
2014-05-18 19:34 - 2011-02-20 02:08 - 00000000 ____D () C:\Users\Sascha AD
2014-05-18 18:52 - 2011-02-19 23:28 - 00140898 _____ () C:\Windows\PFRO.log
2014-05-17 07:29 - 2009-07-14 06:45 - 00457320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV
2014-05-16 18:51 - 2014-05-16 16:04 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-16 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:09 - 2014-05-16 15:59 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV
2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-05-16 14:54 - 2014-05-10 16:45 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:54 - 2011-02-20 02:16 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 00:39 - 2013-08-16 23:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 00:37 - 2011-02-20 09:52 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:34 - 2012-04-18 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 22:34 - 2011-05-17 12:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 19:04 - 2011-02-19 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 20:01 - 2011-02-20 18:25 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Mozilla
2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-11 11:09 - 2012-06-07 13:05 - 00000000 ____D () C:\Users\Sascha\AppData\Local\.elfohilfe
2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com
2014-05-09 15:32 - 2014-05-09 15:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00001808 _____ () C:\Users\Sascha\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-06 06:40 - 2014-05-16 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 00:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 00:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:22 - 2011-02-21 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-05-04 21:18 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup
2014-05-04 19:44 - 2014-05-04 19:38 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Wise Registry Cleaner
2014-05-04 19:38 - 2014-05-04 19:38 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-05-04 19:13 - 2014-05-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-05-04 19:13 - 2014-04-28 18:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-04-28 20:35 - 2011-02-19 23:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-28 20:30 - 2014-04-28 20:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-28 20:22 - 2014-04-28 20:22 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-28 20:22 - 2014-04-28 20:22 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-28 20:22 - 2011-02-19 23:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-28 19:10 - 2011-08-10 20:16 - 00001407 _____ () C:\Users\Sascha\Desktop\TeamSpeak 3 Client.lnk
2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat
2014-04-28 18:41 - 2011-02-20 18:03 - 00125144 _____ () C:\Users\Sascha AD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 18:40 - 2014-04-28 18:40 - 00002266 _____ () C:\Users\Sascha AD\Desktop\SpyHunter.lnk
2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\sh4ldr
2014-04-28 00:03 - 2013-01-26 10:29 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList
2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList
2014-04-27 07:38 - 2011-02-19 23:25 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-04-27 07:29 - 2014-04-23 20:48 - 00000000 ____D () C:\clrav
2014-04-26 09:36 - 2010-05-12 22:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc
2014-04-26 09:30 - 2013-11-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-04-26 09:28 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-26 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-26 08:55 - 2011-02-19 21:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-04-26 08:17 - 2011-02-19 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-26 08:14 - 2009-06-17 18:54 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\DAZ 3D
2014-04-26 08:13 - 2014-01-18 11:04 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\NVIDIA Corporation
2014-04-26 08:12 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 08:12 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-26 08:11 - 2014-04-26 08:11 - 00000000 ____D () C:\Users\Sascha AD\Documents\ForceField Shared Files
2014-04-26 08:11 - 2011-02-20 02:08 - 00001425 _____ () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-26 07:12 - 2011-02-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-21 21:36 - 2011-02-19 23:06 - 00000000 ____D () C:\Program Files (x86)\Steam

Files to move or delete:
====================
C:\Users\Sascha AD\wand.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 19:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Sascha at 2014-05-20 16:44:27
Running from C:\Users\Sascha\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.1 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) aniMate 2 DS3 (HKLM-x32\...\aniMate 2 DS3 2.0.0.7) (Version: 2.0.0.7 - DAZ 3D) ASRock IES v2.0.92 (HKLM-x32\...\ASRock IES_is1) (Version: - ) Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Barbarian Invasion (HKLM-x32\...\{4905C2C7-96CB-4DD9-A706-C427913DE5AE}) (Version: 1.4 - ) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CPUID ROG CPU-Z 1.65 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.65 - CPUID, Inc.) Dawn of War - Soulstorm (HKCU\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ) Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EXPERTool 7.20 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.) FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) Freedom Force (HKLM-x32\...\Steam App 8880) (Version: - Irrational Games) Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version: - Irrational Games) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.) 
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian) GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version: - ) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar) Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation) inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek) LightScribe System Software 1.12.29.2 (HKLM-x32\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com) Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.) 
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 
(Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA 
PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera 10.00 (HKLM-x32\...\{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}) (Version: 10.00 - Opera Software ASA) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Photo Viewer (HKLM-x32\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer) PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation) Port Royale 3 (HKLM-x32\...\Steam App 205610) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.) 
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RegHunter (HKLM\...\{7AE5C776-8742-4874-B53B-941190171E6D}) (Version: 1.0.59.1480 - Enigma Software Group USA, LLC) Remote Camera Control (HKLM-x32\...\{F4346E8D-1F90-4B07-92B9-2155C07D7D0F}) (Version: 3.1.02190 - Sony Corporation) Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname) Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Basic v9 (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio) Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD Basic v9 (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.117 - Roxio) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) 
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis) Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis) Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version: - Firaxis) Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version: - Firaxis) Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - ) Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version: - ) SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) Sweet Home 3D version 4.0 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - ) TubeSaver-1 (HKLM-x32\...\TubeSaver-1) (Version: 1.28.153.3 - YTSsaver) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Vallen JPegger (HKLM-x32\...\{73182AC3-5CC3-4161-AE97-F23E09B13147}) (Version: V5.62 (Build: 9.1221) - Vallen Systeme GmbH) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Warhammer® 40,000â„¢: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic) Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - ) ZoneAlarm Antivirus (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.038 - Check Point) ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies) ZoneAlarm Security (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-04 21:27 - 00450770 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\TubeSaver-1-codedownloader.job => ? Task: C:\Windows\Tasks\TubeSaver-1-enabler.job => ? Task: C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job => ? Task: C:\Windows\Tasks\TubeSaver-1-updater.job => ? 
==================== Loaded Modules (whitelisted) ============= 2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2011-02-19 22:38 - 2008-02-22 11:22 - 00049648 _____ () C:\Windows\system32\DLAAPI_W.DLL ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2014 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006f7ba ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/20/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18429, Zeitstempel: 0x5330ecd9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000050506 ID des fehlerhaften Prozesses: 0x96c Startzeit 
der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/20/2014 01:30:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/20/2014 01:28:04 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (05/19/2014 04:19:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/19/2014 04:17:33 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. 
Error: (05/18/2014 06:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.2.18.91, Zeitstempel: 0x51949fc0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x12c0 Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0 Pfad der fehlerhaften Anwendung: SDUpdate.exe1 Pfad des fehlerhaften Moduls: SDUpdate.exe2 Berichtskennung: SDUpdate.exe3 Error: (05/18/2014 06:45:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.2.18.91, Zeitstempel: 0x51949fc0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x614 Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0 Pfad der fehlerhaften Anwendung: SDUpdate.exe1 Pfad des fehlerhaften Moduls: SDUpdate.exe2 Berichtskennung: SDUpdate.exe3 Error: (05/18/2014 07:38:20 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/18/2014 07:35:56 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. System errors: ============= Error: (05/18/2014 10:39:17 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. 
Error: (05/17/2014 08:22:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 17.05.2014 um 17:17:10 unerwartet heruntergefahren. Error: (05/17/2014 01:00:44 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 17.05.2014 um 12:21:32 unerwartet heruntergefahren. Error: (05/16/2014 02:58:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (05/15/2014 07:22:13 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (05/15/2014 07:22:05 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (05/15/2014 06:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/15/2014 06:19:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (05/15/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/15/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht. 
Microsoft Office Sessions: ========================= Error: (05/20/2014 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7ba96c01cf73ecacbb6750C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4e2654a7-e020-11e3-b10c-001c4af6a97b Error: (05/20/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c0000005000000000005050696c01cf73ecacbb6750C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4c7c4e75-e020-11e3-b10c-001c4af6a97b Error: (05/20/2014 01:30:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/20/2014 01:28:04 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (05/19/2014 04:19:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/19/2014 04:17:33 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (05/18/2014 06:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d12c001cf72b94ad7ce77C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll89bf10b9-deac-11e3-a249-001c4af6a97b Error: (05/18/2014 06:45:39 PM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d61401cf72b898077077C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dlld71013a5-deab-11e3-a249-001c4af6a97b Error: (05/18/2014 07:38:20 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/18/2014 07:35:56 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 CodeIntegrity Errors: =================================== Date: 2014-05-20 16:33:50.708 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 16:25:17.630 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 15:49:12.016 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 15:44:04.648 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-20 15:31:34.247 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 15:23:17.679 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 15:10:51.438 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 12:19:40.495 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 11:41:50.420 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 08:09:06.866 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 12287.3 MB Available physical RAM: 8041.47 MB Total Pagefile: 36860.09 MB Available Pagefile: 32080.21 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:431.5 GB) (Free:89.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (SH1_2) (Fixed) (Total:500.01 GB) (Free:93.45 GB) NTFS Drive e: (SH2) (Fixed) (Total:596.17 GB) (Free:110.82 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
20.05.2014, 22:21 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Constantly recurring malware detection "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe Quote:
__________________ Please always post log files in CODE tags |
21.05.2014, 10:22 | #5 |
| So, I got hold of the admin password and ran the program again: FRST.Txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Sascha AD (administrator) on SCHUSSEL on 21-05-2014 11:16:13 Running from C:\Users\Sascha AD\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73984 2013-01-02] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray HKU\S-1-5-21-3344588163-4229223017-3211320431-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware) HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2265416 2011-04-08] (Gainward Co.) HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung) HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f4-3c77-11e0-ae56-806e6f6e6963} - G:\autorun.exe -auto HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f5-3c77-11e0-ae56-806e6f6e6963} - H:\CDSETUP.EXE ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File SearchScopes: HKCU - DefaultScope {1245A68F-115A-4355-8FF6-80F3C3B4B0FB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {1245A68F-115A-4355-8FF6-80F3C3B4B0FB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: TubeSaver-1 - {11111111-1111-1111-1111-110411151160} - C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-bho64.dll No File BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: No Name - {11111111-1111-1111-1111-110411151160} - No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program 
Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE 
DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sascha AD\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-26] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011-11-20] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-01-24] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare) S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems 
Ltd.) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-26] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.) 
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [43888 2008-02-22] (Roxio) R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41712 2008-02-22] (Roxio) R1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15864 2007-02-08] (Roxio) R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10096 2008-02-22] (Roxio) R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141296 2008-02-22] (Roxio) R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33904 2008-02-22] (Roxio) R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [17776 2008-02-22] (Roxio) R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39160 2007-02-08] (Roxio) R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136816 2008-02-22] (Roxio) R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [142832 2008-02-22] (Roxio) R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions) R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2007-02-09] (Roxio) R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab) R3 nvvad_WaveExtensible; 
C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 TBPanel; No ImagePath R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-21 11:04 - 2014-05-21 11:16 - 00019898 _____ () C:\Users\Sascha AD\Desktop\FRST.txt 2014-05-21 11:04 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup 2014-05-21 10:45 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup 2014-05-21 10:35 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe 2014-05-20 18:01 - 2014-05-20 18:06 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\WiseUpdate 2014-05-20 16:44 - 2014-05-20 16:59 - 00033833 _____ () C:\Users\Sascha\Desktop\Addition.txt 2014-05-20 16:43 - 2014-05-21 11:16 - 00000000 ____D () C:\FRST 2014-05-20 16:43 - 2014-05-21 11:11 - 00066587 _____ () C:\Users\Sascha\Desktop\FRST.txt 2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe 2014-05-20 16:38 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe 2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel 2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log 2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV 2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D 
() C:\Users\Sascha AD\AppData\Local\AAV 2014-05-16 16:04 - 2014-05-16 18:51 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-05-16 15:59 - 2014-05-16 16:09 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2014-05-16 15:56 - 2014-05-19 18:33 - 00000000 ____D () C:\ProgramData\AAV 2014-05-16 00:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 00:40 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-16 00:40 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 00:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 19:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 19:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 19:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 19:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 19:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 
2014-05-15 19:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 19:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 19:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 
2014-05-15 19:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 19:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla 
Firefox.lnk 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-10 16:45 - 2014-05-16 14:54 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com 2014-05-09 15:31 - 2014-05-09 15:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00001808 _____ () C:\Users\Sascha\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-04 21:27 - 2014-05-04 21:18 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup 2014-05-04 21:18 - 2011-02-22 22:24 - 00430078 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-211817.backup 2014-05-04 19:38 - 2014-05-04 19:44 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-05-04 19:13 - 2014-05-04 19:13 - 00003356 _____ () C:\Windows\System32\Tasks\RegHunterStartup 2014-05-04 19:13 - 2014-05-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter 2014-05-03 14:38 - 2013-11-27 01:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 
2014-05-03 14:38 - 2013-11-27 00:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-05-03 14:32 - 2014-05-21 07:26 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-21 07:26 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log 2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-04-28 20:22 - 2014-05-20 17:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-04-28 20:22 - 2014-04-28 20:22 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-04-28 20:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat 2014-04-28 18:40 - 2014-05-04 19:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-04-28 18:40 - 2014-04-28 18:40 - 00003342 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-04-28 18:40 - 2014-04-28 18:40 - 00002266 _____ () C:\Users\Sascha AD\Desktop\SpyHunter.lnk 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\sh4ldr 2014-04-28 18:40 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList 2014-04-27 07:38 - 
2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList 2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-26 09:03 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-26 09:03 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-26 08:56 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-26 08:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-26 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-26 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-26 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 
2014-04-26 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-26 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-26 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-04-26 08:43 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-04-26 08:43 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-04-26 08:43 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-04-26 08:43 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-04-26 08:43 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-04-26 08:43 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-04-26 08:41 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-04-26 08:41 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-04-26 08:41 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\WUDFPf.sys 2014-04-26 08:41 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-04-26 08:30 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2014-04-26 08:30 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2014-04-26 08:30 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2014-04-26 08:30 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2014-04-26 08:30 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 
2014-04-26 08:30 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2014-04-26 08:30 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-04-26 08:30 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-04-26 08:29 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-26 08:29 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-26 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-26 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-26 08:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 
2014-04-26 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-26 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-26 08:29 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-26 08:29 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-26 08:29 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-04-26 08:29 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-04-26 08:29 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-04-26 08:29 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RMActivate.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-26 08:29 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-26 08:29 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-26 08:29 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-26 08:29 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-26 08:29 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2014-04-26 08:29 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-04-26 08:29 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-04-26 08:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-26 08:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-04-26 08:29 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2014-04-26 08:29 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2014-04-26 08:29 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2014-04-26 08:29 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2014-04-26 08:29 - 2012-10-03 
19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2014-04-26 08:29 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2014-04-26 08:29 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2014-04-26 08:29 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2014-04-26 08:29 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2014-04-26 08:29 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2014-04-26 08:29 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2014-04-26 08:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-26 08:28 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-04-26 08:28 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-26 08:28 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-26 08:28 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-26 08:28 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-26 08:28 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msieftp.dll 2014-04-26 08:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-26 08:28 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-26 08:28 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-26 08:28 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-04-26 08:28 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-04-26 08:28 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-26 08:28 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-04-26 08:28 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-04-26 08:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2014-04-26 08:28 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2014-04-26 08:28 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-04-26 08:28 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-04-26 08:28 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2014-04-26 08:28 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-04-26 08:28 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-04-26 08:28 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2014-04-26 08:28 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2014-04-26 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2014-04-26 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-26 08:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-26 08:26 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-04-26 08:26 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-04-26 08:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-04-26 08:11 - 2014-04-26 08:11 - 00000000 ____D () C:\Users\Sascha AD\Documents\ForceField Shared Files 2014-04-23 20:48 - 2014-04-27 07:29 - 00000000 ____D () C:\clrav 2014-04-22 23:42 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 23:42 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 23:42 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 23:42 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-22 23:42 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 23:42 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-22 23:42 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 23:42 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-22 23:42 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 23:42 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-04-22 23:42 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 23:42 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 23:42 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 23:42 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 23:42 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-22 23:42 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 23:42 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 23:42 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 23:42 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 23:42 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 23:42 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 23:42 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 23:42 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 23:42 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-22 23:42 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 23:42 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 23:42 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 23:42 - 2014-03-06 09:36 - 00592896 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 23:42 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 23:42 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 23:42 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 23:42 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 23:42 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 23:42 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 23:42 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 23:42 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 23:42 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 23:42 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 23:42 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 23:42 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 23:42 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 23:42 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 23:42 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 23:42 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-21 11:16 - 2014-05-21 11:04 - 00019898 _____ () C:\Users\Sascha AD\Desktop\FRST.txt 2014-05-21 11:16 
- 2014-05-20 16:43 - 00000000 ____D () C:\FRST 2014-05-21 11:13 - 2011-02-20 01:12 - 01414203 _____ () C:\Windows\WindowsUpdate.log 2014-05-21 11:11 - 2014-05-20 16:43 - 00066587 _____ () C:\Users\Sascha\Desktop\FRST.txt 2014-05-21 10:45 - 2014-05-21 11:04 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup 2014-05-21 10:34 - 2012-04-18 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-21 10:31 - 2013-09-15 08:16 - 00001834 _____ () C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job 2014-05-21 10:31 - 2013-09-15 08:16 - 00001298 _____ () C:\Windows\Tasks\TubeSaver-1-updater.job 2014-05-21 10:31 - 2013-09-15 08:16 - 00001202 _____ () C:\Windows\Tasks\TubeSaver-1-codedownloader.job 2014-05-21 10:31 - 2013-09-15 08:16 - 00001102 _____ () C:\Windows\Tasks\TubeSaver-1-enabler.job 2014-05-21 10:31 - 2011-02-20 18:03 - 00125144 _____ () C:\Users\Sascha AD\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-21 10:30 - 2014-04-05 14:39 - 00000000 ____D () C:\ProgramData\Origin 2014-05-21 08:18 - 2014-04-05 15:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-21 07:26 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-21 07:26 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-21 07:25 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-21 07:25 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-05-21 07:25 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 
2014-05-21 07:18 - 2009-07-14 06:51 - 00186976 _____ () C:\Windows\setupact.log 2014-05-21 07:17 - 2011-02-19 21:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-21 07:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 18:06 - 2014-05-20 18:01 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\WiseUpdate 2014-05-20 17:57 - 2014-04-28 20:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-20 16:59 - 2014-05-20 16:44 - 00033833 _____ () C:\Users\Sascha\Desktop\Addition.txt 2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe 2014-05-20 16:38 - 2014-05-21 10:35 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe 2014-05-20 16:38 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe 2014-05-20 15:38 - 2011-02-21 13:19 - 00125144 _____ () C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel 2014-05-20 12:27 - 2012-07-04 18:31 - 00000000 ____D () C:\Users\Sascha\.gimp-2.6 2014-05-20 12:27 - 2011-02-20 02:16 - 00000000 ____D () C:\Users\Sascha 2014-05-20 12:27 - 2008-09-04 18:35 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\gtk-2.0 2014-05-19 19:07 - 2010-05-16 11:11 - 00000000 ____D () C:\Users\Sascha\Documents\Steuerfälle 2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log 2014-05-19 18:33 - 2014-05-16 15:56 - 00000000 ____D () C:\ProgramData\AAV 2014-05-19 15:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-18 20:26 - 2012-06-27 19:03 - 00000000 ____D () C:\Program Files (x86)\The Secret World 2014-05-18 20:26 - 2011-08-10 20:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client 2014-05-18 19:34 - 2011-02-20 02:08 - 00000000 ____D () C:\Users\Sascha AD 2014-05-18 18:52 - 2011-02-19 23:28 - 00140898 _____ () C:\Windows\PFRO.log 2014-05-17 07:29 - 
2009-07-14 06:45 - 00457320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV 2014-05-16 18:51 - 2014-05-16 16:04 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-16 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 16:09 - 2014-05-16 15:59 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV 2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-05-16 14:54 - 2014-05-10 16:45 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 14:54 - 2011-02-20 02:16 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 00:39 - 2013-08-16 23:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 00:37 - 2011-02-20 09:52 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 22:34 - 2012-04-18 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 22:34 - 2012-04-18 18:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 22:34 - 2011-05-17 12:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 19:04 - 2011-02-19 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-12 20:01 - 2011-02-20 18:25 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-11 11:09 - 2012-06-07 13:05 - 00000000 ____D () C:\Users\Sascha\AppData\Local\.elfohilfe 2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com 2014-05-09 15:32 - 2014-05-09 15:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00001808 _____ () C:\Users\Sascha\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-06 06:40 - 2014-05-16 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-16 00:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-16 00:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-16 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 21:27 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup 2014-05-04 21:22 - 2011-02-21 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D 2014-05-04 21:18 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup 2014-05-04 19:44 - 2014-05-04 19:38 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-05-04 
19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-05-04 19:13 - 2014-05-04 19:13 - 00003356 _____ () C:\Windows\System32\Tasks\RegHunterStartup 2014-05-04 19:13 - 2014-05-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter 2014-05-04 19:13 - 2014-04-28 18:40 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log 2014-04-28 20:35 - 2011-02-19 23:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-04-28 20:22 - 2014-04-28 20:22 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-28 20:22 - 2014-04-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-04-28 19:10 - 2011-08-10 20:16 - 00001407 _____ () C:\Users\Sascha\Desktop\TeamSpeak 3 Client.lnk 2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat 2014-04-28 18:40 - 2014-04-28 18:40 - 00003342 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2014-04-28 18:40 - 2014-04-28 18:40 - 00002266 _____ () C:\Users\Sascha AD\Desktop\SpyHunter.lnk 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-04-28 18:40 - 2014-04-28 18:40 - 00000000 ____D () C:\sh4ldr 2014-04-28 00:03 - 2013-01-26 10:29 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList 2014-04-27 07:38 - 2014-04-27 07:38 - 
00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList 2014-04-27 07:38 - 2011-02-19 23:25 - 00000000 ____D () C:\Program Files (x86)\Vuze 2014-04-27 07:29 - 2014-04-23 20:48 - 00000000 ____D () C:\clrav 2014-04-26 09:36 - 2010-05-12 22:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc 2014-04-26 09:30 - 2013-11-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-04-26 09:28 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-26 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-26 08:55 - 2011-02-19 21:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-04-26 08:17 - 2011-02-19 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-04-26 08:14 - 2009-06-17 18:54 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\DAZ 3D 2014-04-26 08:13 - 2014-01-18 11:04 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\NVIDIA Corporation 2014-04-26 08:11 - 2014-04-26 08:11 - 00000000 ____D () C:\Users\Sascha AD\Documents\ForceField Shared Files 2014-04-26 08:11 - 2011-02-20 02:08 - 00001425 _____ () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-26 07:12 - 2011-02-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-04-21 21:36 - 2011-02-19 23:06 - 00000000 ____D () C:\Program Files (x86)\Steam Files to move or delete: ==================== C:\Users\Sascha AD\wand.dat 
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 19:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 16:17

==================== End Of Log ============================

and Addition.Txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Sascha AD at 2014-05-21 11:16:35
Running from C:\Users\Sascha AD\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.1 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) aniMate 2 DS3 (HKLM-x32\...\aniMate 2 DS3 2.0.0.7) (Version: 2.0.0.7 - DAZ 3D) ASRock IES v2.0.92 (HKLM-x32\...\ASRock IES_is1) (Version: - ) Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Barbarian Invasion (HKLM-x32\...\{4905C2C7-96CB-4DD9-A706-C427913DE5AE}) (Version: 1.4 - ) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CPUID ROG CPU-Z 1.65 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.65 - CPUID, Inc.) Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden EXPERTool 7.20 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.) FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) Freedom Force (HKLM-x32\...\Steam App 8880) (Version: - Irrational Games) Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version: - Irrational Games) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.) FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian) GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version: - ) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar) Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation) inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek) LightScribe System Software 1.12.29.2 (HKLM-x32\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com) Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell) Mass Effect (HKLM-x32\...\Steam App 
17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.) Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 
1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera 10.00 (HKLM-x32\...\{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}) (Version: 10.00 - Opera Software ASA) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Photo Viewer (HKLM-x32\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer) PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation) Port Royale 3 (HKLM-x32\...\Steam App 205610) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.) 
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RegHunter (HKLM\...\{7AE5C776-8742-4874-B53B-941190171E6D}) (Version: 1.0.59.1480 - Enigma Software Group USA, LLC) Remote Camera Control (HKLM-x32\...\{F4346E8D-1F90-4B07-92B9-2155C07D7D0F}) (Version: 3.1.02190 - Sony Corporation) Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname) Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Basic v9 (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio) Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD Basic v9 (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.117 - Roxio) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) 
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis) Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis) Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version: - Firaxis) Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version: - Firaxis) Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - ) Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version: - ) SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) Sweet Home 3D version 4.0 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - ) TubeSaver-1 (HKLM-x32\...\TubeSaver-1) (Version: 1.28.153.3 - YTSsaver) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Vallen JPegger (HKLM-x32\...\{73182AC3-5CC3-4161-AE97-F23E09B13147}) (Version: V5.62 (Build: 9.1221) - Vallen Systeme GmbH) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Warhammer® 40,000â„¢: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic) Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - ) ZoneAlarm Antivirus (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.038 - Check Point) ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies) ZoneAlarm Security (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden ==================== Restore Points ========================= 15-05-2014 17:04:08 Windows Update 15-05-2014 22:36:39 Windows Update 16-05-2014 13:58:19 SteuerSparErklärung 2014 wurde installiert. 16-05-2014 14:08:28 Installed AAVUpdateManager. 
21-05-2014 05:35:07 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-21 10:45 - 00450770 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {3E4B222F-A869-4966-BABF-42DD1C42D160} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.) Task: {420AD760-7EFA-47F1-A5A2-A92A93C705E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {4956C6B7-225B-4A9F-A9A1-79DAE74C847B} - System32\Tasks\TubeSaver-1-codedownloader => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-codedownloader.exe Task: {5A8A5C1A-0D1E-4F8C-8AD6-C00191168743} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2011-08-30] (Enigma Software Group USA, LLC.) 
Task: {5ED678B3-879C-465A-9E93-ABFDAEB2E1C7} - System32\Tasks\{1CBDE1F8-DE00-45CF-A69C-456A176EF84D} => C:\DAZ\DAZStudio3\DAZStudio.exe Task: {87249EB7-E8E6-4E00-95E1-72542DF2BFA3} - System32\Tasks\TubeSaver-1-updater => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-updater.exe Task: {9003D439-7603-42BF-AA39-359346E3408F} - System32\Tasks\{F2765E5B-840D-40C4-AE32-2A063B7390FD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {A3C86436-71F0-4C0C-B3C8-8D3AC370200B} - System32\Tasks\{3C29E2AC-2DFE-44B9-A786-15EC245DD216} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered Task: {B4D8F6A2-8FF6-4587-9A35-15C9F2E03A6E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C1E2FD4A-0D57-4E3F-8234-CFC0BA9474B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {C4F0ABA4-2173-4BD9-B713-C54263F5BD6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {CD5EEE73-E86F-406C-AA17-F59BEC9B3618} - System32\Tasks\TubeSaver-1-firefoxinstaller => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-firefoxinstaller.exe Task: {FC6176CF-1E48-4AF6-A06A-F9579B42E8C0} - System32\Tasks\TubeSaver-1-enabler => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-enabler.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\TubeSaver-1-codedownloader.job => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-codedownloader.exe Task: C:\Windows\Tasks\TubeSaver-1-enabler.job => C:\Program Files 
(x86)\TubeSaver-1\TubeSaver-1-enabler.exe Task: C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-firefoxinstaller.exe Task: C:\Windows\Tasks\TubeSaver-1-updater.job => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-07 23:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-02-20 10:58 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-02-26 19:44 - 2014-02-26 19:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-02-19 22:38 - 2008-02-22 11:22 - 00049648 _____ () C:\Windows\system32\DLAAPI_W.DLL 2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2011-08-30 17:04 - 2011-08-30 17:04 - 00899584 _____ () C:\Program Files\Enigma Software Group\RegHunter\Acp.dll 2011-08-30 17:03 - 2011-08-30 17:03 - 00192000 _____ () C:\Program Files\Enigma Software Group\RegHunter\SystemInformation.dll 2014-04-28 20:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-04-28 20:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-04-28 20:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-04-28 20:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-04-28 20:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00901120 _____ () C:\DAZ 3D\DAZStudio3\QtNetwork4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 02076672 _____ () C:\DAZ 
3D\DAZStudio3\QtCore4.dll 2012-11-25 15:19 - 2010-12-17 02:42 - 02408448 _____ () C:\DAZ 3D\DAZStudio3\Qt3Support4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00528384 _____ () C:\DAZ 3D\DAZStudio3\QtSql4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00364544 _____ () C:\DAZ 3D\DAZStudio3\QtXml4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 07745536 _____ () C:\DAZ 3D\DAZStudio3\QtGui4.dll 2012-11-25 15:19 - 2010-12-17 02:42 - 00442368 _____ () C:\DAZ 3D\DAZStudio3\QtOpenGL4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00708608 _____ () C:\DAZ 3D\DAZStudio3\QtScript4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00022016 _____ () C:\DAZ 3D\DAZStudio3\imageformats\qgif4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00025600 _____ () C:\DAZ 3D\DAZStudio3\imageformats\qico4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00135168 _____ () C:\DAZ 3D\DAZStudio3\imageformats\qjpeg4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00233472 _____ () C:\DAZ 3D\DAZStudio3\imageformats\qmng4.dll 2012-11-25 15:19 - 2010-12-17 02:43 - 00282624 _____ () C:\DAZ 3D\DAZStudio3\imageformats\qtiff4.dll 2012-11-25 15:20 - 2010-09-07 16:49 - 01654784 _____ () C:\DAZ 3D\DAZStudio3\plugins\aniMate2.dll 2012-11-25 15:19 - 2010-12-17 02:36 - 01933312 _____ () C:\DAZ 3D\DAZStudio3\DazCollada.dll 2012-11-25 15:19 - 2010-12-17 02:36 - 02191360 _____ () C:\DAZ 3D\DAZStudio3\dz3delight.dll 2012-11-25 15:19 - 2010-12-17 03:32 - 00122880 _____ () C:\DAZ 3D\DAZStudio3\plugins\dzsceneinfo.dll 2012-11-25 15:19 - 2010-12-17 03:25 - 00208896 _____ () C:\DAZ 3D\DAZStudio3\plugins\dzscriptedrenderer.dll 2012-11-25 15:19 - 2010-12-17 03:25 - 01740800 _____ () C:\DAZ 3D\DAZStudio3\plugins\dzshaderbuilder.dll 2012-11-25 15:19 - 2010-12-17 03:26 - 01363968 _____ () C:\DAZ 3D\DAZStudio3\plugins\dzshadermixerbase.dll 2012-11-25 15:19 - 2010-12-17 03:24 - 00393216 _____ () C:\DAZ 3D\DAZStudio3\plugins\dzshadermixergui.dll 2011-08-23 17:49 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files (x86)\EXPERTool\TBManage.dll 2011-02-20 11:58 - 
2014-04-26 07:12 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll 2011-12-08 19:37 - 2014-04-26 07:12 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" MSCONFIG\startupreg: WinampAgent => 
"C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2014 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006f7ba ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/20/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18429, Zeitstempel: 0x5330ecd9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000050506 ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/20/2014 01:30:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/20/2014 01:28:04 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. 
Error: (05/19/2014 04:19:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/19/2014 04:17:33 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (05/18/2014 06:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.2.18.91, Zeitstempel: 0x51949fc0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x12c0 Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0 Pfad der fehlerhaften Anwendung: SDUpdate.exe1 Pfad des fehlerhaften Moduls: SDUpdate.exe2 Berichtskennung: SDUpdate.exe3 Error: (05/18/2014 06:45:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.2.18.91, Zeitstempel: 0x51949fc0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x614 Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0 Pfad der fehlerhaften Anwendung: SDUpdate.exe1 Pfad des fehlerhaften Moduls: SDUpdate.exe2 Berichtskennung: SDUpdate.exe3 Error: (05/18/2014 07:38:20 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/18/2014 07:35:56 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. System errors: ============= Error: (05/18/2014 10:39:17 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (05/17/2014 08:22:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 17.05.2014 um 17:17:10 unerwartet heruntergefahren. Error: (05/17/2014 01:00:44 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 17.05.2014 um 12:21:32 unerwartet heruntergefahren. Error: (05/16/2014 02:58:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (05/15/2014 07:22:13 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (05/15/2014 07:22:05 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (05/15/2014 06:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/15/2014 06:19:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. 
Error: (05/15/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/15/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht. Microsoft Office Sessions: ========================= Error: (05/20/2014 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7ba96c01cf73ecacbb6750C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4e2654a7-e020-11e3-b10c-001c4af6a97b Error: (05/20/2014 03:11:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c0000005000000000005050696c01cf73ecacbb6750C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4c7c4e75-e020-11e3-b10c-001c4af6a97b Error: (05/20/2014 01:30:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/20/2014 01:28:04 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (05/19/2014 04:19:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/19/2014 04:17:33 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 
Error: (05/18/2014 06:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d12c001cf72b94ad7ce77C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll89bf10b9-deac-11e3-a249-001c4af6a97b Error: (05/18/2014 06:45:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d61401cf72b898077077C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dlld71013a5-deab-11e3-a249-001c4af6a97b Error: (05/18/2014 07:38:20 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8 Error: (05/18/2014 07:35:56 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 CodeIntegrity Errors: =================================== Date: 2014-05-21 11:11:06.834 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 08:19:21.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 07:59:30.334 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-21 07:32:40.500 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 01:27:22.507 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 22:24:45.405 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 22:08:12.935 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 21:42:24.351 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 18:21:38.969 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 17:47:53.976 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 12287.3 MB
Available physical RAM: 8921.36 MB
Total Pagefile: 36860.09 MB
Available Pagefile: 32378.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:431.5 GB) (Free:95.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SH1_2) (Fixed) (Total:500.01 GB) (Free:93.46 GB) NTFS
Drive e: (SH2) (Fixed) (Total:596.17 GB) (Free:110.83 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Edited by SH001 (21.05.2014 at 10:28) |
21.05.2014, 11:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unremarkable. Uninstall ZoneAlarm and Spybot. I have never recommended ZoneAlarm; the dreadful firewall that thing comes with is reason enough on its own, and you don't need more than the Windows Firewall (as a software firewall on the running system itself). And Spybot is as good as ineffective; there are far better tools. Anti-virus programs
21.05.2014, 20:03 | #7 |
| So that means ZoneAlarm's trojan detection is probably a false alarm? Thanks for the help, I have now installed Avira and thrown out ZoneAlarm and Spybot. |
21.05.2014, 21:31 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Removing adware/junkware/toolbars. Step 1: AdwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
23.05.2014, 11:31 | #9 |
| I meant Avast of course, not Avira. So, AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v3.210 - Bericht erstellt am 21/05/2014 um 23:19:04 # Aktualisiert 19/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Sascha AD - SCHUSSEL # Gestartet von : C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar [!] Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\kikin [!] Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Sascha AD\AppData\Roaming\kikin Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vva842z9.default\.autoreg ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.BHO.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CrossriderApp0041560.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041560.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152260} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455155560} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156660} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444154460} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152260} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455155560} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156660} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151160} Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : 
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vva842z9.default\prefs.js ] ************************* AdwCleaner[R0].txt - [7153 octets] - [21/05/2014 23:18:14] AdwCleaner[S0].txt - [6190 octets] - [21/05/2014 23:19:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6250 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sascha AD on 23.05.2014 at 12:14:55,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2014 at 12:20:46,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Sascha AD (administrator) on SCHUSSEL on 23-05-2014 12:24:04 Running from C:\Users\Sascha AD\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-21] (AVAST Software) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2265416 2011-04-08] (Gainward Co.) 
HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung) HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f4-3c77-11e0-ae56-806e6f6e6963} - G:\autorun.exe -auto HKU\S-1-5-21-3344588163-4229223017-3211320431-1003\...\MountPoints2: {0b2eb4f5-3c77-11e0-ae56-806e6f6e6963} - H:\CDSETUP.EXE ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File SearchScopes: HKCU - {1245A68F-115A-4355-8FF6-80F3C3B4B0FB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sascha AD\AppData\Roaming\Mozilla\Firefox\Profiles\j327c08o.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.99 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-26] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-21] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare) S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.) 
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-26] () ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-21] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-21] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-21] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-21] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [43888 2008-02-22] (Roxio) R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41712 2008-02-22] (Roxio) R1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15864 2007-02-08] (Roxio) R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10096 2008-02-22] (Roxio) R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141296 2008-02-22] (Roxio) R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33904 2008-02-22] (Roxio) R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [17776 2008-02-22] (Roxio) R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39160 2007-02-08] (Roxio) R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136816 2008-02-22] (Roxio) R2 DLAUDF_E; 
C:\Windows\System32\DLA\DLAUDF_E.SYS [142832 2008-02-22] (Roxio) R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions) R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2007-02-09] (Roxio) R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 TBPanel; No ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-23 12:24 - 2014-05-23 12:24 - 00015179 _____ () C:\Users\Sascha AD\Desktop\FRST.txt 2014-05-23 12:20 - 2014-05-23 12:20 - 00000788 _____ () C:\Users\Sascha AD\Desktop\JRT.txt 2014-05-23 12:12 - 2014-05-23 12:12 - 00000000 ____D () C:\Windows\ERUNT 2014-05-21 14:09 - 2014-05-21 14:09 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\AVAST Software 2014-05-21 14:00 - 2014-05-23 08:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-05-21 14:00 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\AVAST Software 2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-05-21 14:00 - 2014-05-21 13:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400673648500 2014-05-21 14:00 - 2014-05-21 13:59 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400673648500 2014-05-21 14:00 - 2014-05-21 13:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-21 14:00 - 2014-05-21 13:59 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-21 14:00 - 2014-05-21 13:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-21 14:00 - 2014-05-21 13:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-21 14:00 - 2014-05-21 13:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-21 14:00 - 2014-05-21 13:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-21 13:59 - 2014-05-21 13:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-21 13:59 - 2014-05-21 13:59 - 00000000 ____D () C:\Program Files\AVAST Software 2014-05-21 13:37 - 2014-05-21 13:37 - 00000074 _____ () C:\Windows\avast5.ini 2014-05-21 13:26 - 2014-05-21 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 13:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-21 13:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-21 13:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-21 13:16 - 2014-05-21 13:16 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-05-21 13:15 - 2014-05-21 13:15 - 01326389 _____ () C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe 2014-05-21 13:15 - 2014-05-21 13:15 - 01016261 _____ (Thisisu) C:\Users\Sascha AD\Desktop\JRT.exe 2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\Windows\7AE5C77687424874B53B941190171E6D.TMP 2014-05-21 12:29 - 2014-05-21 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\Sascha AD\Desktop\TFC.exe 2014-05-21 11:55 - 2014-05-21 11:56 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\FreshDiagnose 2014-05-21 11:43 - 2014-05-23 11:58 - 00000000 ____D () C:\AdwCleaner 2014-05-21 11:04 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup 2014-05-21 10:45 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup 2014-05-21 10:35 - 2014-05-20 16:38 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe 2014-05-20 16:43 - 2014-05-23 12:24 - 00000000 ____D () C:\FRST 2014-05-20 16:42 - 2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe 2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel 2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log 2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV 2014-05-16 16:08 - 2014-05-16 16:08 - 
00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV 2014-05-16 16:04 - 2014-05-16 18:51 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-05-16 15:59 - 2014-05-16 16:09 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2014-05-16 15:56 - 2014-05-19 18:33 - 00000000 ____D () C:\ProgramData\AAV 2014-05-16 00:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 00:40 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-16 00:40 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-16 00:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 00:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 19:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 19:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 19:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 19:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 19:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) 
C:\Windows\system32\sspisrv.dll 2014-05-15 19:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 19:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 19:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 19:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) 
C:\Windows\system32\dimsroam.dll 2014-05-15 19:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 19:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 19:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 19:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 19:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-10 16:45 - 2014-05-16 14:54 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com 2014-05-09 15:31 - 2014-05-09 15:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-04 21:27 - 2014-05-04 21:18 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup 2014-05-04 21:18 - 2011-02-22 22:24 - 00430078 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-211817.backup 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-05-03 14:38 - 2013-11-27 01:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-05-03 14:38 - 2013-11-27 00:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-05-03 14:32 - 2014-05-23 12:08 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-23 12:08 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () 
C:\Windows\system32\spsys.log 2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat 2014-04-28 18:40 - 2014-05-04 19:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList 2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-26 09:03 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-26 09:03 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-26 09:03 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-26 08:56 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-26 08:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-26 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-26 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-26 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 
02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-04-26 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-04-26 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-26 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-26 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-04-26 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-26 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-04-26 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-04-26 08:43 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-04-26 08:43 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-04-26 08:43 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-04-26 08:43 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-04-26 08:43 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-04-26 08:43 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-04-26 08:41 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-04-26 
08:41 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-04-26 08:41 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-04-26 08:41 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-04-26 08:41 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-04-26 08:41 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-04-26 08:30 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2014-04-26 08:30 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2014-04-26 08:30 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2014-04-26 08:30 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2014-04-26 08:30 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2014-04-26 08:30 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00040960 _____ 
(Microsoft) C:\Windows\system32\cob-au.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2014-04-26 08:30 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2014-04-26 08:30 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2014-04-26 08:30 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-04-26 08:30 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-04-26 08:29 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-26 08:29 - 2014-04-14 04:19 - 00424448 
_____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-26 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-26 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-26 08:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-26 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-26 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-26 08:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-26 08:29 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-26 08:29 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-26 08:29 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-26 08:29 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-04-26 08:29 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 
2014-04-26 08:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-04-26 08:29 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-04-26 08:29 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-04-26 08:29 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-26 08:29 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-26 08:29 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-04-26 08:29 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-04-26 08:29 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-04-26 08:29 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2014-04-26 08:29 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-04-26 08:29 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-04-26 08:29 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-26 08:29 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-04-26 08:29 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2014-04-26 08:29 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2014-04-26 08:29 - 2012-10-09 19:40 - 00193536 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2014-04-26 08:29 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2014-04-26 08:29 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2014-04-26 08:29 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2014-04-26 08:29 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2014-04-26 08:29 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2014-04-26 08:29 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2014-04-26 08:29 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2014-04-26 08:29 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2014-04-26 08:29 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2014-04-26 08:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-26 08:28 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-04-26 08:28 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls 
2014-04-26 08:28 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-26 08:28 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-26 08:28 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-26 08:28 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-04-26 08:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-04-26 08:28 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-04-26 08:28 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-04-26 08:28 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-04-26 08:28 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-04-26 08:28 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-04-26 08:28 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-04-26 08:28 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-04-26 08:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2014-04-26 08:28 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2014-04-26 08:28 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-04-26 08:28 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-04-26 08:28 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2014-04-26 08:28 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-04-26 
08:28 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-04-26 08:28 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2014-04-26 08:28 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2014-04-26 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-26 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-26 08:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-26 08:26 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-04-26 08:26 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-04-26 08:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in ==================== One Month Modified Files and Folders ======= 2014-05-23 12:24 - 2014-05-23 12:24 - 00015179 _____ () C:\Users\Sascha AD\Desktop\FRST.txt 2014-05-23 12:24 - 2014-05-20 16:43 - 00000000 ____D () C:\FRST 2014-05-23 12:20 - 2014-05-23 12:20 - 00000788 _____ () C:\Users\Sascha AD\Desktop\JRT.txt 2014-05-23 12:12 - 2014-05-23 12:12 - 00000000 ____D () C:\Windows\ERUNT 2014-05-23 12:08 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-23 12:08 - 2014-05-03 14:32 - 00006416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-23 12:06 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-05-23 12:06 - 2009-07-14 19:58 - 00149556 _____ () 
C:\Windows\system32\perfc007.dat 2014-05-23 12:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-23 12:04 - 2011-02-20 01:12 - 01507910 _____ () C:\Windows\WindowsUpdate.log 2014-05-23 11:59 - 2011-02-19 23:28 - 00720698 _____ () C:\Windows\PFRO.log 2014-05-23 11:59 - 2011-02-19 21:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-23 11:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-23 11:59 - 2009-07-14 06:51 - 00188656 _____ () C:\Windows\setupact.log 2014-05-23 11:58 - 2014-05-21 11:43 - 00000000 ____D () C:\AdwCleaner 2014-05-23 11:58 - 2010-07-27 10:18 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\CheckPoint 2014-05-23 11:58 - 2010-07-27 10:18 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\CheckPoint 2014-05-23 11:47 - 2012-06-27 19:03 - 00000000 ____D () C:\Program Files (x86)\The Secret World 2014-05-23 10:06 - 2014-04-05 14:39 - 00000000 ____D () C:\ProgramData\Origin 2014-05-23 09:34 - 2012-04-18 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-23 08:14 - 2014-04-05 15:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-23 08:10 - 2014-05-21 14:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-05-21 22:14 - 2011-08-10 20:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client 2014-05-21 14:09 - 2014-05-21 14:09 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\AVAST Software 2014-05-21 14:00 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\AVAST Software 2014-05-21 14:00 - 2014-05-21 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-05-21 13:59 - 2014-05-21 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400673648500 2014-05-21 13:59 - 2014-05-21 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400673648500 2014-05-21 13:59 - 2014-05-21 14:00 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-21 13:59 - 2014-05-21 14:00 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-21 13:59 - 2014-05-21 14:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-21 13:59 - 2014-05-21 14:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-21 13:59 - 2014-05-21 14:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-21 13:59 - 2014-05-21 14:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-21 13:59 - 2014-05-21 13:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-21 13:59 - 2014-05-21 13:59 - 00000000 ____D () C:\Program Files\AVAST Software 2014-05-21 13:46 - 2013-09-15 08:25 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-21 13:37 - 2014-05-21 13:37 - 00000074 _____ () C:\Windows\avast5.ini 2014-05-21 13:26 - 2014-05-21 
13:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-21 13:25 - 2014-05-21 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 13:19 - 2013-05-13 17:54 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\CheckPoint 2014-05-21 13:17 - 2011-02-19 23:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-21 13:17 - 2011-02-19 22:38 - 00000201 _____ () C:\Windows\wininit.ini 2014-05-21 13:16 - 2014-05-21 13:16 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-05-21 13:15 - 2014-05-21 13:15 - 01326389 _____ () C:\Users\Sascha AD\Desktop\adwcleaner_3.210.exe 2014-05-21 13:15 - 2014-05-21 13:15 - 01016261 _____ (Thisisu) C:\Users\Sascha AD\Desktop\JRT.exe 2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\Windows\7AE5C77687424874B53B941190171E6D.TMP 2014-05-21 12:29 - 2014-05-21 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\Sascha AD\Desktop\TFC.exe 2014-05-21 12:21 - 2011-02-20 02:08 - 00000000 ____D () C:\Users\Sascha AD 2014-05-21 11:58 - 2011-02-20 02:16 - 00000000 ____D () C:\Users\Sascha 2014-05-21 11:56 - 2014-05-21 11:55 - 00000000 ____D () C:\Users\Sascha AD\AppData\Roaming\FreshDiagnose 2014-05-21 10:45 - 2014-05-21 11:04 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-110424.backup 2014-05-21 10:31 - 2011-02-20 18:03 - 00125144 _____ () C:\Users\Sascha AD\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 10:31 - 2011-02-20 02:08 - 00000000 ___RD () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-20 16:42 - 
2014-05-20 16:42 - 02067456 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64(1).exe 2014-05-20 16:38 - 2014-05-21 10:35 - 02067456 _____ (Farbar) C:\Users\Sascha AD\Desktop\FRST64.exe 2014-05-20 15:38 - 2011-02-21 13:19 - 00125144 _____ () C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-20 12:27 - 2014-05-20 12:27 - 00002203 _____ () C:\Users\Sascha\.recently-used.xbel 2014-05-20 12:27 - 2012-07-04 18:31 - 00000000 ____D () C:\Users\Sascha\.gimp-2.6 2014-05-20 12:27 - 2008-09-04 18:35 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\gtk-2.0 2014-05-19 19:07 - 2010-05-16 11:11 - 00000000 ____D () C:\Users\Sascha\Documents\Steuerfälle 2014-05-19 19:02 - 2014-05-19 19:02 - 00000358 _____ () C:\Users\Sascha\Documents\OuProxy.log 2014-05-19 18:33 - 2014-05-16 15:56 - 00000000 ____D () C:\ProgramData\AAV 2014-05-19 15:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-17 07:29 - 2009-07-14 06:45 - 00457320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-16 18:53 - 2014-05-16 18:53 - 00000000 ____D () C:\Users\Sascha\AppData\Local\AAV 2014-05-16 18:51 - 2014-05-16 16:04 - 00002205 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-16 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 16:09 - 2014-05-16 15:59 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2014-05-16 16:08 - 2014-05-16 16:08 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\AAV 2014-05-16 16:04 - 2014-05-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps 2014-05-16 14:54 - 2014-05-10 16:45 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 14:54 - 2011-02-20 02:16 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 00:39 - 2013-08-16 23:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 00:37 - 2011-02-20 09:52 - 
93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 22:34 - 2012-04-18 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 22:34 - 2012-04-18 18:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 22:34 - 2011-05-17 12:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 19:04 - 2011-02-19 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-12 20:01 - 2011-02-20 18:25 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-12 19:47 - 2014-05-12 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 19:45 - 2014-05-12 19:45 - 00283144 _____ (Mozilla) C:\Users\Sascha\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-12 07:26 - 2014-05-21 13:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-21 13:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-21 13:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 11:09 - 2012-06-07 13:05 - 00000000 ____D () C:\Users\Sascha\AppData\Local\.elfohilfe 2014-05-09 15:32 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SUPERAntiSpyware.com 2014-05-09 15:32 - 2014-05-09 15:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-09 15:31 - 2014-05-09 15:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-06 06:40 - 2014-05-16 00:40 - 23544320 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-16 00:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-16 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-16 00:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-16 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 21:27 - 2014-05-21 10:45 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140521-104509.backup 2014-05-04 21:18 - 2014-05-04 21:27 - 00450770 _____ () C:\Windows\system32\Drivers\etc\hosts.20140504-212702.backup 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-04 19:38 - 2014-05-04 19:38 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-05-04 19:13 - 2014-04-28 18:40 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-03 14:32 - 2014-05-03 14:32 - 00000552 _____ () C:\Windows\system32\spsys.log 2014-04-28 20:23 - 2014-04-28 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-04-28 19:10 - 2011-08-10 20:16 - 00001407 _____ () C:\Users\Sascha\Desktop\TeamSpeak 3 Client.lnk 2014-04-28 18:41 - 2014-04-28 18:41 - 00000000 _____ () C:\autoexec.bat 2014-04-28 00:03 - 2013-01-26 10:29 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieUserList 2014-04-27 07:38 - 2014-04-27 07:38 - 00000000 __SHD () C:\Users\Sascha AD\AppData\Local\EmieSiteList 2014-04-26 09:36 - 2010-05-12 22:24 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc 2014-04-26 09:30 - 2013-11-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\NVIDIA Corporation 2014-04-26 09:28 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-26 09:05 - 2014-04-26 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-26 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-26 08:55 - 2011-02-19 21:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-26 08:17 - 2014-04-26 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-04-26 08:17 - 2011-02-19 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-04-26 08:13 - 2014-01-18 11:04 - 00000000 ____D () C:\Users\Sascha AD\AppData\Local\NVIDIA Corporation 2014-04-26 08:11 - 2011-02-20 02:08 - 00001425 _____ () C:\Users\Sascha AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-26 07:12 - 2011-02-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-23 19:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat Files to move or delete: ==================== C:\Users\Sascha AD\wand.dat Some content of TEMP: ==================== C:\Users\Sascha AD\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 19:19] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 16:17 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Sascha AD at 2014-05-23 12:24:46 Running from C:\Users\Sascha AD\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) ASRock IES v2.0.92 (HKLM-x32\...\ASRock IES_is1) (Version: - ) Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Barbarian Invasion (HKLM-x32\...\{4905C2C7-96CB-4DD9-A706-C427913DE5AE}) (Version: 1.4 - ) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CPUID ROG CPU-Z 1.65 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.65 - CPUID, Inc.) Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EXPERTool 7.20 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.) FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) Freedom Force (HKLM-x32\...\Steam App 8880) (Version: - Irrational Games) Freedom Force vs. the 3rd Reich (HKLM-x32\...\Steam App 8890) (Version: - Irrational Games) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.) 
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian) GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version: - ) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar) Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation) inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek) LightScribe System Software 1.12.29.2 (HKLM-x32\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com) Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.) 
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 
(Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 
9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera 10.00 (HKLM-x32\...\{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}) (Version: 10.00 - Opera Software ASA) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Photo Viewer (HKLM-x32\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer) PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation) Port Royale 3 (HKLM-x32\...\Steam App 205610) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.) 
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Remote Camera Control (HKLM-x32\...\{F4346E8D-1F90-4B07-92B9-2155C07D7D0F}) (Version: 3.1.02190 - Sony Corporation) Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname) Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Basic v9 (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio) Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD Basic v9 (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.117 - Roxio) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) 
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis) Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis) Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version: - Firaxis) Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version: - Firaxis) Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - ) Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - ) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Vallen JPegger (HKLM-x32\...\{73182AC3-5CC3-4161-AE97-F23E09B13147}) (Version: V5.62 (Build: 9.1221) - Vallen Systeme GmbH) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VD64Inst 
(Version: 1.00.0000 - Roxio, Inc.) Hidden VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic) Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - ) ZoneAlarm Antivirus (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden ==================== Restore Points ========================= 15-05-2014 17:04:08 Windows Update 15-05-2014 22:36:39 Windows Update 16-05-2014 13:58:19 SteuerSparErklärung 2014 wurde installiert. 16-05-2014 14:08:28 Installed AAVUpdateManager. 21-05-2014 05:35:07 Windows Update 21-05-2014 09:51:56 Removed 3DMark06 21-05-2014 10:01:15 SiSoftware Sandra Lite 21-05-2014 11:10:30 Removed RegHunter 21-05-2014 11:15:56 Removed SpyHunter 21-05-2014 11:34:20 avast! antivirus system restore point 21-05-2014 11:36:19 avast! antivirus system restore point 21-05-2014 11:59:18 avast!
antivirus system restore point ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-21 10:45 - 00450770 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {9003D439-7603-42BF-AA39-359346E3408F} - System32\Tasks\{F2765E5B-840D-40C4-AE32-2A063B7390FD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {A3C86436-71F0-4C0C-B3C8-8D3AC370200B} - System32\Tasks\{3C29E2AC-2DFE-44B9-A786-15EC245DD216} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered Task: {BC7BFB88-731E-4C21-9EDA-B76C6696F8D3} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-21] (AVAST Software) Task: {C4F0ABA4-2173-4BD9-B713-C54263F5BD6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-07 23:19 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-02-20 10:58 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-02-26 19:44 - 2014-02-26 19:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2011-02-19 22:38 - 2008-02-22 11:22 - 00049648 _____ () C:\Windows\system32\DLAAPI_W.DLL 2014-05-23 08:10 - 2014-05-23 08:10 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052200\algo.dll 2011-08-23 17:49 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files (x86)\EXPERTool\TBManage.dll 2014-05-21 13:59 - 2014-05-21 13:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll 2011-12-08 19:37 - 2014-04-26 07:12 - 00096256 _____ () C:\Program Files 
(x86)\Opera\gstreamer\plugins\gstcoreplugins.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll 2011-02-20 11:58 - 2014-04-26 07:12 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-05-21 13:10:11.297 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden 
wurde. Date: 2014-05-21 12:37:50.757 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 12:10:59.714 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 11:55:28.951 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-21 11:55:28.576 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-21 11:49:51.375 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-21 11:28:31.157 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 11:11:06.834 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 08:19:21.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-21 07:59:30.334 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 12287.3 MB Available physical RAM: 10234.79 MB Total Pagefile: 36860.09 MB Available Pagefile: 34737.63 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:431.5 GB) (Free:95.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SH1_2) (Fixed) (Total:500.01 GB) (Free:93.46 GB) NTFS Drive e: (SH2) (Fixed) (Total:596.17 GB) (Free:110.81 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: 28911AF8) Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D14B18F) Partition 1: (Active) - (Size=432 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=500 GB) - (Type=05) ==================== End Of Log ============================ Edited by SH001 (23.05.2014 at 11:22) |
23.05.2014, 11:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
23.05.2014, 13:05 | #11 |
| When I try to save the Malwarebytes log, the program crashes :-( |
23.05.2014, 13:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That seems to be a fairly common bug; this isn't the first time I've read about it. Try exporting the log as XML and then simply post everything in that XML file in CODE tags. XML is just plain text too...
__________________ Please always post log files in CODE tags |
23.05.2014, 19:54 | #13 |
| Code:
ATTFilter XML-Interpretation fehlgeschlagen XML-Interpretation fehlgeschlagen: Syntaxfehler (Zeile: 53, Zeichen: 307) Dokument als HTML neu analysieren. Fehler: illegal byte sequence in encoding Spezifikation: hxxp://www.w3.org/TR/REC-xml/#charencoding 50: <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}</path><vendor>PUP.Optional.ConduitTB.A</vendor><action>success</action><hash>e4ee76de116aa591aee570bb5ca6a15f</hash></key> 51: <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><hash>9a385004adced06686d953d98c762ad6</hash></key> 52: <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><hash>9a385004adced06686d953d98c762ad6</hash></key> 53: <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{BA14329E-9550-4989-B3F2-9732E92D17CC}</valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata>�2\14�P��I��2�-\17�</valuedata><hash>9a385004adced06686d953d98c762ad6</hash></value> 54: <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{BA14329E-9550-4989-B3F2-9732E92D17CC}</valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>9a385004adced06686d953d98c762ad6</hash></value> 55: 
<value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><valuename></valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>2aa864f073083ff7b5aabc70ac563fc1</hash></value> 56: <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{ba14329e-9550-4989-b3f2-9732e92d17cc}</path><valuename></valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>844e69eb7506dc5aadb2ad7f20e24cb4</hash></value> Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=e74326d206a8c4448a05dc5eef323098 # engine=18381 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-23 06:32:38 # local_time=2014-05-23 08:32:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 71 76 176327 196370 0 0 # compatibility_mode=5893 16776573 100 94 78865 152499808 0 0 # scanned=2049380 # found=23 # cleaned=0 # scan_time=23008 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir" sh=CE3BEB48AE65E3F396DEE5F9313451E50D05B16E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip" sh=028B7C4E9B087D5015187BF8613D8B01784E562B ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO18.zip" sh=2DB7A8F19C78C61D04EECA30749BC115F0441340 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip" sh=4BDB04F37B4AC593B9609325E5A1599DFABFD5F1 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip" sh=CE3BEB48AE65E3F396DEE5F9313451E50D05B16E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip" sh=028B7C4E9B087D5015187BF8613D8B01784E562B ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO18.zip" sh=2DB7A8F19C78C61D04EECA30749BC115F0441340 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip" sh=4BDB04F37B4AC593B9609325E5A1599DFABFD5F1 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sascha AD\AppData\LocalLow\ZoneAlarm-Sicherheit\ldrtbZone.dll" sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Sascha AD\AppData\LocalLow\ZoneAlarm-Sicherheit\tbZone.dll" sh=2B6EF659892076DB5A636E32BE3B5F79024F3A2D ft=1 fh=aec8a87bf89146d8 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\zaSetupWeb_110_780_000.exe" sh=DF71A27F15A939B32CCD116396203865321EA997 ft=1 fh=f745e44a930aa54b vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\ag_mp3_plugin_setup.exe" sh=70B69721791D7F6685581F5A28167D8CD6572008 ft=1 fh=8a8ff7b6904af9d5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\FreeVideoToMp3Converter35.exe" sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\FreeYouTubeToMP3Converter.exe" sh=CDF78456BC8BF322B7FB4E4FBED3DDDDA59F8508 ft=1 fh=03a040e36938398e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zafwSetupWeb_102_057_000.exe" sh=F79CD7689C98BABCDA2C3B6DF3CFBCC6D562A45D ft=1 fh=705b84b19b7250d3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zafwSetupWeb_102_064_000.exe" sh=5CE7620607515E33C2860911C9E89BC8C9ADC2C6 ft=1 fh=94417141fe3284df vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zafwSetupWeb_102_068_000.exe" sh=238B76E136A032D4601301E567760EC10C814124 ft=1 fh=f14483085eb0dc09 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zafwSetupWeb_110_000_038.exe" sh=56B73A78C28AF357F18FC9CB1402B5EB9359E6DB ft=1 fh=16883c458a85e77c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zaSetupWeb_101_065_000.exe" sh=C94F3CA125B5FFDD02308BB81B766987350A3BC3 ft=1 fh=78fc5d575345147c vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\zaSetupWeb_101_079_000.exe" sh=B25DFC38B84D9E21F4ECE88E942AAF3CC22EAB8E ft=1 fh=cda1cbd4b2e6ebee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Treiber + Updates\Installiert\FreeYouTubeToMP333Converter.exe" |
23.05.2014, 19:57 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
23.05.2014, 21:23 | #15 |
| Learned something new again. So, now via Notepad: Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <mbam-log> <header> <date>2014/05/23 13:08:06 +0200</date> <logfile>mbam-log-2014-05-23 (13-08-03).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.2.1012</version> <malware-database>v2014.05.23.06</malware-database> <rootkit-database>v2014.05.21.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Sascha AD</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>335439</objects> <time>532</time> <processes>0</processes> <modules>0</modules> <keys>4</keys> <values>4</values> <datas>0</datas> <folders>0</folders> <files>0</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}</path><vendor>PUP.Optional.ConduitTB.A</vendor><action>success</action><hash>e4ee76de116aa591aee570bb5ca6a15f</hash></key> <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}</path><vendor>PUP.Optional.ConduitTB.A</vendor><action>success</action><hash>e4ee76de116aa591aee570bb5ca6a15f</hash></key> 
<key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><hash>9a385004adced06686d953d98c762ad6</hash></key> <key><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><hash>9a385004adced06686d953d98c762ad6</hash></key> <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{BA14329E-9550-4989-B3F2-9732E92D17CC}</valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata>ž2ºP•‰I³ò—2é-Ì</valuedata><hash>9a385004adced06686d953d98c762ad6</hash></value> <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{BA14329E-9550-4989-B3F2-9732E92D17CC}</valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>9a385004adced06686d953d98c762ad6</hash></value> <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BA14329E-9550-4989-B3F2-9732E92D17CC}</path><valuename></valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>2aa864f073083ff7b5aabc70ac563fc1</hash></value> <value><path>HKU\S-1-5-21-3344588163-4229223017-3211320431-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\URLSEARCHHOOKS\{ba14329e-9550-4989-b3f2-9732e92d17cc}</path><valuename></valuename><vendor>PUP.Optional.VuzeRemoteTB.A</vendor><action>success</action><valuedata></valuedata><hash>844e69eb7506dc5aadb2ad7f20e24cb4</hash></value> </items> </mbam-log> |