
Pests of all kinds and how to fight them: Caught the BKA Trojan and Safe Mode no longer starts!


23.05.2014, 19:51   #1
gesmo
 
Hello,

I have apparently caught the BKA Trojan, and one of the newer kind at that, where you can no longer get into Safe Mode.
I was able to clean up the autostart entries and get to the desktop. After that I wanted to remove the Trojan completely via Safe Mode. But since I of course did not know that you cannot get into it, and I tried to enable Safe Mode for the next start by ticking the checkbox in Task Manager, I am now stuck in a boot loop. Of course I can only get out of it by clearing the checkbox in Task Manager, which I can no longer reach either, because the computer always starts in Safe Mode.

I hope you can help me!!

Attached is the log created with Farbar's tool.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by SYSTEM on MININT-SE3PHGC on 23-05-2014 19:20:14
Running from I:\
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-31] (Bitdefender)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ACPW07DE] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicRotation] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [MagicRotation Auto] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [557056 2013-09-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\hanla_000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\hanla_000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\hanla_000\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\hanla_000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\hanla_000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\hanla_000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Services (Whitelisted) =================

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-22] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-31] (Bitdefender)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\org13h.dot [333556 2014-05-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender)
S3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-02] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-02] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-10-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-27] (BitDefender SRL)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-23] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-02] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MagicianSataModeReader; C:\Program Files (x86)\Samsung SSD Magician\magdrvamd64.sys [13216 2013-11-28] ()
S1 MagicRotation; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-02] (Microsoft Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-02] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ____D () C:\FRST
2014-05-23 16:40 - 2014-05-23 16:40 - 00012288 _____ () C:\Windows\System32\umstartup.etl
2014-05-23 13:54 - 2014-05-23 14:00 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 13:49 - 2014-05-23 13:51 - 11732396 _____ () C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
2014-05-23 13:47 - 2014-05-23 13:54 - 00000000 ____D () C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
2014-05-23 13:37 - 2014-05-23 13:51 - 43111793 _____ () C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
2014-05-18 13:18 - 2014-05-18 13:38 - 60228493 _____ () C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
2014-05-18 12:34 - 2014-05-18 14:37 - 567457912 _____ () C:\Users\hanla_000\Desktop\3057174.flv
2014-05-18 11:46 - 2014-05-19 17:04 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 11:13 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\System32\ploptin.dll
2014-05-18 11:13 - 2014-04-18 15:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2014-05-18 11:13 - 2014-04-18 14:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-05-18 11:13 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\energyprov.dll
2014-05-18 11:13 - 2014-04-18 10:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-05-18 11:13 - 2014-04-18 09:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-18 11:13 - 2014-04-18 09:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2014-05-18 11:13 - 2014-04-18 09:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2014-05-18 11:13 - 2014-04-18 09:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2014-05-18 11:13 - 2014-04-18 08:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-05-18 11:13 - 2014-04-18 08:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-05-18 11:13 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\System32\MFCaptureEngine.dll
2014-05-18 11:13 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-05-18 11:13 - 2014-04-11 07:13 - 01200128 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2014-05-18 11:13 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2014-05-18 11:13 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-05-18 11:13 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\System32\defragsvc.dll
2014-05-18 11:13 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2014-05-18 11:13 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2014-05-18 11:13 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-05-18 11:13 - 2014-04-09 05:35 - 01411584 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-18 11:13 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2014-05-18 11:13 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2014-05-18 11:13 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-05-18 11:13 - 2014-04-06 17:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-05-18 11:13 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\System32\dwmapi.dll
2014-05-18 11:13 - 2014-04-06 17:31 - 21268952 ____N (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-18 11:13 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\System32\MSVideoDSP.dll
2014-05-18 11:13 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2014-05-18 11:13 - 2014-04-06 17:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01401224 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-05-18 11:13 - 2014-04-06 17:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-05-18 11:13 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-05-18 11:13 - 2014-04-06 16:22 - 18755672 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 11:13 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-05-18 11:13 - 2014-04-06 15:10 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-05-18 11:13 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2014-05-18 11:13 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-05-18 11:13 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\System32\MDEServer.exe
2014-05-18 11:13 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2014-05-18 11:13 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-05-18 11:13 - 2014-04-06 12:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-05-18 11:13 - 2014-04-06 12:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-05-18 11:13 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\BootMenuUX.dll
2014-05-18 11:13 - 2014-04-06 12:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2014-05-18 11:13 - 2014-04-06 12:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-05-18 11:13 - 2014-04-06 11:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-05-18 11:13 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2014-05-18 11:13 - 2014-04-06 11:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-05-18 11:13 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-05-18 11:13 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2014-05-18 11:13 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
2014-05-18 11:13 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-05-18 11:13 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-05-18 11:13 - 2014-04-03 04:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-05-18 11:13 - 2014-04-03 03:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-05-18 11:13 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2014-05-18 11:13 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\System32\workfolderssvc.dll
2014-05-18 11:13 - 2014-04-03 03:23 - 00563200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-05-18 11:13 - 2014-04-03 03:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-05-18 11:13 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-05-18 11:13 - 2014-04-03 03:22 - 03359744 ____N (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-05-18 11:13 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\tlscsp.dll
2014-05-18 11:13 - 2014-04-01 07:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2014-05-18 11:13 - 2014-03-31 06:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-18 11:13 - 2014-03-31 06:35 - 02518360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-05-18 11:13 - 2014-03-31 06:35 - 00428888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-05-18 11:13 - 2014-03-31 01:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-05-18 11:13 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\WorkFoldersShell.dll
2014-05-18 11:13 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\System32\WorkfoldersControl.dll
2014-05-18 11:13 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2014-05-18 11:13 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
2014-05-18 11:13 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-05-18 11:13 - 2014-03-30 23:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-05-18 11:13 - 2014-03-30 22:47 - 00872448 ____N (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-05-18 11:13 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2014-05-18 11:13 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2014-05-18 11:13 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\resutils.dll
2014-05-18 11:13 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2014-05-18 11:13 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-05-18 11:13 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-05-18 11:13 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2014-05-18 11:13 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\swprv.dll
2014-05-18 11:13 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2014-05-18 11:13 - 2014-03-24 23:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2014-05-18 11:13 - 2014-03-21 05:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\System32\tscfgwmi.dll
2014-05-18 11:13 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
2014-05-18 11:13 - 2014-03-20 01:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2014-05-18 11:13 - 2014-03-20 01:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-05-18 11:13 - 2014-03-20 00:38 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-05-18 11:13 - 2014-03-20 00:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-18 11:13 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2014-05-18 11:13 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2014-05-18 11:13 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-05-18 11:13 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-05-18 11:13 - 2014-03-19 07:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-05-18 11:13 - 2014-03-19 06:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-18 11:13 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2014-05-18 11:13 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2014-05-18 11:13 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2014-05-18 11:13 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2014-05-18 11:13 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-05-18 11:13 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-05-18 11:13 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlowUI.dll
2014-05-18 11:13 - 2014-03-19 05:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2014-05-18 11:13 - 2014-03-18 09:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2014-05-18 11:13 - 2014-03-18 09:18 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xusb22.sys
2014-05-18 11:13 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2014-05-18 11:13 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-05-18 11:13 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-05-18 11:13 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-18 11:13 - 2014-03-17 04:01 - 00486912 ____N (Microsoft Corporation) C:\Windows\System32\winspool.drv
2014-05-18 11:13 - 2014-03-17 03:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-05-18 11:13 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-05-18 11:13 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\System32\GeofenceMonitorService.dll
2014-05-18 11:13 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-05-18 11:13 - 2014-03-06 13:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-05-18 11:12 - 2014-05-18 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-17 17:31 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-17 17:31 - 2008-10-20 08:34 - 00521552 ____N (ComponentOne LLC) C:\Windows\SysWOW64\VSRpt8.ocx
2014-05-17 17:31 - 2008-10-20 08:34 - 00451880 ____N (ComponentOne) C:\Windows\SysWOW64\VSPrint8.ocx
2014-05-17 17:31 - 2008-10-20 08:34 - 00222504 ____N (ComponentOne) C:\Windows\SysWOW64\VSVPort8.ocx
2014-05-17 17:31 - 2008-10-20 08:07 - 00623920 ____N (ComponentOne) C:\Windows\SysWOW64\VSFlex8.ocx
2014-05-17 17:31 - 2008-01-16 12:55 - 00349504 _____ (ComponentOne LLC) C:\Windows\SysWOW64\titime8.ocx
2014-05-17 17:31 - 2006-10-20 12:35 - 00064512 _____ () C:\Windows\SysWOW64\shdocvw.oca
2014-05-17 17:31 - 2004-07-27 15:22 - 00856064 _____ (AppForge, Inc.) C:\Windows\SysWOW64\afCore.dll
2014-05-17 17:31 - 2004-07-27 15:20 - 00081920 _____ (AppForge, Inc.) C:\Windows\SysWOW64\pCOM.dll
2014-05-17 17:31 - 2003-09-12 19:19 - 00548864 _____ (ComponentOne LLC) C:\Windows\SysWOW64\tibase8.dll
2014-05-17 17:31 - 2003-09-12 18:00 - 00131072 ____N (ComponentOne LLC) C:\Windows\SysWOW64\tishare8.dll
2014-05-17 17:31 - 2002-07-31 16:36 - 00094208 ____N (ST-software) C:\Windows\SysWOW64\STrainbowbar.ocx
2014-05-17 17:31 - 2001-04-07 15:24 - 00044544 ____N () C:\Windows\SysWOW64\Gif89.dll
2014-05-17 17:31 - 2000-12-06 05:00 - 00262328 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSDATGRD.OCX
2014-05-17 17:31 - 2000-12-06 05:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2014-05-17 17:31 - 2000-10-02 05:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-05-17 17:31 - 2000-05-22 05:00 - 00647872 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00232640 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSDATLST.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00140488 ____N (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00118976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSADODC.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.ocx
2014-05-17 17:31 - 2000-05-11 05:00 - 00397312 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSRDO20.DLL
2014-05-17 17:31 - 2000-05-11 05:00 - 00077824 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSBIND.DLL
2014-05-17 17:31 - 2000-03-14 05:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RDOCURS.DLL
2014-05-17 17:31 - 2000-03-14 05:00 - 00118784 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-05-17 17:31 - 1998-11-25 21:25 - 00018944 _____ ( ) C:\Windows\SysWOW64\implode.dll
2014-05-17 17:31 - 1998-10-30 05:02 - 00901120 _____ (Three |D| Graphics, Inc.) C:\Windows\SysWOW64\sscsdk32.dll
2014-05-17 17:31 - 1998-07-06 05:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RDO20DE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DATLSDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DATGDDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ADODCDE.DLL
2014-05-17 17:31 - 1998-06-18 05:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-05-17 17:31 - 1998-05-29 01:49 - 00026624 ____N (Seagate Software, Inc.) C:\Windows\SysWOW64\CDO32.dll
2014-05-17 17:29 - 2014-05-22 14:11 - 00006544 _____ () C:\Windows\AutoKMS.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000346 _____ () C:\Windows\PFRO.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setupact.log
2014-05-17 12:56 - 2014-05-23 13:49 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-17 12:46 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 12:46 - 2012-08-21 12:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2014-05-16 17:00 - 2014-05-16 17:42 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 19:04 - 2014-05-15 19:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-14 15:44 - 2014-03-24 03:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-05-14 15:44 - 2014-03-24 03:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2014-05-14 15:44 - 2014-03-24 03:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-05-14 15:44 - 2014-03-13 08:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\wusa.exe
2014-05-14 15:44 - 2014-03-13 07:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-14 15:43 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-14 15:43 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 15:43 - 2014-05-06 04:00 - 00084992 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-14 15:43 - 2014-05-06 03:10 - 00069632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 15:43 - 2014-04-11 11:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2014-05-14 15:43 - 2014-04-11 11:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-05-14 15:43 - 2014-04-11 09:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-14 15:43 - 2014-04-11 07:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-05-14 15:43 - 2014-04-11 06:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-05-14 15:43 - 2014-04-11 06:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-14 15:43 - 2014-04-11 04:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2014-05-14 15:43 - 2014-04-11 04:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-14 15:43 - 2014-04-11 04:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 15:43 - 2014-04-11 04:05 - 00123904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-14 15:43 - 2014-04-11 04:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 15:43 - 2014-04-11 04:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-05-14 15:43 - 2014-04-11 04:01 - 00137728 ____N (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-05-14 15:43 - 2014-04-11 04:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-14 15:43 - 2014-04-11 03:59 - 00666624 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-14 15:43 - 2014-04-11 03:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2014-05-14 15:43 - 2014-04-11 03:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-05-14 15:43 - 2014-04-11 03:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-05-14 15:43 - 2014-04-11 03:53 - 00827392 ____N (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-05-14 15:43 - 2014-04-11 03:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-05-14 15:43 - 2014-04-11 03:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-05-14 15:43 - 2014-04-11 03:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-14 15:43 - 2014-04-11 03:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-14 15:43 - 2014-04-11 03:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\System32\twinui.appcore.dll
2014-05-14 15:43 - 2014-04-11 03:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-05-14 15:43 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\System32\mrt_map.dll
2014-05-14 15:43 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\System32\mrt100.dll
2014-05-14 15:43 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-14 15:43 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-09 17:00 - 2014-05-18 11:21 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-07 15:47 - 2014-05-07 15:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 15:39 - 2014-05-07 15:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-26 21:31 - 2014-04-26 21:32 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 16:40 - 2014-04-25 16:40 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 16:13 - 2014-04-25 16:13 - 00003826 ____N () C:\Windows\System32\Tasks\Security Center Update - 4185919329
2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 14:36 - 2014-03-26 22:40 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-25 14:34 - 2014-03-27 13:45 - 31270856 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 25257416 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 23785416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 17467048 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 15964736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 13158232 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-04-25 14:34 - 2014-03-27 13:45 - 11644392 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 11598560 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 09697128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 03139928 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02949976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02785056 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02413344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 01890080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433750.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 01539416 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433750.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00894752 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00891168 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00864600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00859592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00836544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00166568 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-25 14:34 - 2014-03-21 20:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2014-04-25 14:34 - 2014-03-21 20:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-25 14:29 - 2014-04-25 14:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 13:49 - 2014-04-25 13:49 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-04-25 13:45 - 2014-04-25 13:45 - 00000000 ____D () C:\Users\hanla_000\Intel

==================== One Month Modified Files and Folders =======

2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ____D () C:\FRST
2014-05-23 16:40 - 2014-05-23 16:40 - 00012288 _____ () C:\Windows\System32\umstartup.etl
2014-05-23 15:12 - 2013-12-02 19:01 - 01980780 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 15:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 15:12 - 2013-04-27 10:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 15:06 - 2013-11-24 19:13 - 00000000 ____D () C:\Windows\pss
2014-05-23 15:06 - 2012-12-28 20:08 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-05-23 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2014-05-23 14:53 - 2013-08-14 11:21 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2014-05-23 14:53 - 2012-12-28 21:21 - 00000000 _____ () C:\Windows\Path.idx
2014-05-23 14:48 - 2013-07-31 17:45 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 14:48 - 2012-12-28 21:16 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-05-23 14:47 - 2013-09-30 05:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-23 14:47 - 2012-12-28 20:38 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\vlc
2014-05-23 14:47 - 2012-12-28 20:24 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Winamp
2014-05-23 14:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2014-05-23 14:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-05-23 14:00 - 2014-05-23 13:54 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 13:54 - 2014-05-23 13:47 - 00000000 ____D () C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
2014-05-23 13:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-05-23 13:51 - 2014-05-23 13:49 - 11732396 _____ () C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
2014-05-23 13:51 - 2014-05-23 13:37 - 43111793 _____ () C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
2014-05-23 13:49 - 2014-05-17 12:56 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-23 13:18 - 2012-12-28 17:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-719912548-1546492267-3311168217-1001
2014-05-23 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-22 14:18 - 2013-09-30 05:14 - 01780340 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-22 14:18 - 2013-09-30 04:58 - 00765378 _____ () C:\Windows\System32\perfh007.dat
2014-05-22 14:18 - 2013-09-30 04:58 - 00159696 _____ () C:\Windows\System32\perfc007.dat
2014-05-22 14:11 - 2014-05-17 17:29 - 00006544 _____ () C:\Windows\AutoKMS.log
2014-05-22 14:11 - 2013-01-01 23:03 - 00003494 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-21 22:11 - 2014-01-09 22:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-05-21 18:26 - 2012-12-28 21:21 - 00003039 _____ () C:\Windows\MB.idx
2014-05-21 15:28 - 2012-12-30 14:13 - 00000000 ____D () C:\ProgramData\Origin
2014-05-21 15:27 - 2013-09-26 17:19 - 00000000 ____D () C:\Users\hanla_000\Desktop\ebay
2014-05-19 17:04 - 2014-05-18 11:46 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 19:37 - 2013-12-02 19:23 - 00000000 ____D () C:\users\hanla_000
2014-05-18 19:35 - 2012-12-30 01:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Apple Computer
2014-05-18 15:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-05-18 14:37 - 2014-05-18 12:34 - 567457912 _____ () C:\Users\hanla_000\Desktop\3057174.flv
2014-05-18 13:38 - 2014-05-18 13:18 - 60228493 _____ () C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
2014-05-18 11:21 - 2014-05-09 17:00 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-18 11:21 - 2014-03-01 11:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-18 11:21 - 2013-12-23 18:05 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-18 11:21 - 2013-08-21 19:23 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-05-18 11:21 - 2013-05-24 11:57 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-05-18 11:21 - 2013-04-05 16:30 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-18 11:21 - 2012-12-30 00:41 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-05-18 11:21 - 2012-12-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Movies2iPhone
2014-05-18 11:21 - 2012-12-29 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 11:20 - 2014-05-17 17:31 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-18 11:20 - 2013-12-02 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 11:20 - 2013-09-30 05:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\setup
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\Com
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\Sysprep
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\oobe
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing
2014-05-18 11:20 - 2013-04-20 21:23 - 00000000 ____D () C:\Program Files\Recuva
2014-05-18 11:20 - 2013-01-01 23:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-05-18 11:20 - 2012-12-30 19:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-18 11:20 - 2012-12-30 01:15 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-05-18 11:20 - 2012-12-29 19:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Wise Registry Cleaner
2014-05-18 11:20 - 2012-12-29 19:17 - 00000000 ____D () C:\ProgramData\pdf995
2014-05-18 11:20 - 2012-12-29 18:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 11:20 - 2012-12-28 21:13 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-05-18 11:20 - 2012-12-28 20:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-18 11:20 - 2012-12-28 17:24 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-18 11:14 - 2013-08-22 15:44 - 00496880 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-18 11:12 - 2014-05-18 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-17 17:28 - 2014-05-17 17:28 - 00000346 _____ () C:\Windows\PFRO.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setupact.log
2014-05-17 12:56 - 2012-12-30 01:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Apple Computer
2014-05-17 12:46 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 12:46 - 2012-12-30 01:27 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 17:42 - 2014-05-16 17:00 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 19:04 - 2014-05-15 19:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 19:04 - 2014-01-09 18:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 19:04 - 2014-01-09 18:45 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 19:04 - 2013-07-31 17:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 19:04 - 2013-07-31 17:43 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\SecureBootUpdates
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 16:03 - 2013-01-01 18:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 16:02 - 2013-07-19 13:52 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-14 16:01 - 2012-12-28 17:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-13 19:13 - 2013-04-27 10:02 - 00003772 ____N () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 17:01 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\mkvtoolnix
2014-05-07 16:12 - 2012-12-28 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 15:47 - 2014-05-07 15:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 15:39 - 2014-05-07 15:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-06 05:40 - 2014-05-14 15:43 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-06 04:25 - 2014-05-14 15:43 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:00 - 2014-05-14 15:43 - 00084992 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-06 03:10 - 2014-05-14 15:43 - 00069632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-01 21:30 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 21:30 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 15:26 - 2012-12-28 18:26 - 00000145 _____ () C:\Users\hanla_000\Desktop\Passes.txt
2014-04-26 21:32 - 2014-04-26 21:31 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 16:40 - 2014-04-25 16:40 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 16:13 - 2014-04-25 16:13 - 00003826 ____N () C:\Windows\System32\Tasks\Security Center Update - 4185919329
2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 14:36 - 2013-12-02 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-25 14:36 - 2013-12-02 19:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-25 14:29 - 2014-04-25 14:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 14:09 - 2013-01-16 11:45 - 04700560 _____ () C:\Windows\PE_File.dll
2014-04-25 13:50 - 2012-12-28 20:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-25 13:49 - 2014-04-25 13:49 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-04-25 13:46 - 2012-12-28 20:46 - 00000000 ____D () C:\ProgramData\Intel
2014-04-25 13:46 - 2012-12-28 20:46 - 00000000 ____D () C:\Program Files\Intel
2014-04-25 13:45 - 2014-04-25 13:45 - 00000000 ____D () C:\Users\hanla_000\Intel
2014-04-24 13:47 - 2014-02-26 16:48 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Ajdvworks

Files to move or delete:
====================
C:\Users\hanla_000\6097397.dll


Some content of TEMP:
====================
C:\Users\hanla_000\AppData\Local\Temp\mdi064.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi164.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi264.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi364.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi464.dll
C:\Users\hanla_000\AppData\Local\Temp\~+JF1360084289308265088.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-18 11:13] - [2014-03-28 16:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-18 11:13] - [2014-03-06 13:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663


==================== Restore Points  =========================

Restore point made on: 2014-05-21 16:25:00
Restore point made on: 2014-05-21 17:06:47
Restore point made on: 2014-05-22 17:09:50
Restore point made on: 2014-05-23 14:39:43

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16329.46 MB
Available physical RAM: 15079.93 MB
Total Pagefile: 16329.46 MB
Available Pagefile: 15094.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:237.91 GB) (Free:38.43 GB) NTFS
Drive d: (Dateien (1,81TB)) (Fixed) (Total:1863.01 GB) (Free:22.13 GB) NTFS
Drive f: (Dateien) (Fixed) (Total:1024 GB) (Free:106.7 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:400 GB) (Free:58.02 GB) NTFS
Drive h: (Dateien (1,33TB)) (Fixed) (Total:1370.39 GB) (Free:85.7 GB) NTFS
Drive i: (8GB STICK) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
Drive j: (My Book 4TB) (Fixed) (Total:3725.99 GB) (Free:1100.2 GB) NTFS
Drive o: (ESD-ISO) (CDROM) (Total:2.69 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Dateien (2,72TB)) (Fixed) (Total:2794.39 GB) (Free:105.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 0B36A66C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD1BFA18)
Partition 2: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 4820A7E8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: B08D6C99)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 7 GB) (Disk ID: 67ADC4EE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.


LastRegBack: 2014-05-22 14:49

==================== End Of Log ============================
         
Attached files
File type: txt FRST.txt (57.4 KB, viewed 167 times)

23.05.2014, 21:30   #2
M-K-D-B
/// TB instructor

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
C:\Users\hanla_000\Desktop\3057174.flv
C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
S2 Winmgmt; C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\org13h.dot [333556 2014-05-23] (Microsoft Corporation)
C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
C:\Users\hanla_000\6097397.dll
C:\Users\hanla_000\AppData\Local\Temp\*.dll
end
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Let me know after the fix whether you can start your computer normally again!
__________________

24.05.2014, 12:34   #3
gesmo

Thank you very much for your quick reply and your help!
I was able to start Windows normally and, with that, end the boot loop as well.


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by SYSTEM at 2014-05-23 21:56:08 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
C:\Users\hanla_000\Desktop\3057174.flv
C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
S2 Winmgmt; C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\org13h.dot [333556 2014-05-23] (Microsoft Corporation)
C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
C:\Users\hanla_000\6097397.dll
C:\Users\hanla_000\AppData\Local\Temp\*.dll
end
*****************

C:\Users\hanla_000\Desktop\3057174.flv => Moved successfully.
C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv => Moved successfully.
C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial => Moved successfully.
C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A => Moved successfully.
C:\Users\hanla_000\6097397.dll => Moved successfully.
C:\Users\hanla_000\AppData\Local\Temp\*.dll => Moved successfully.

==== End of Fixlog ====
         
What else do I need to do so that it disappears from the computer completely?
__________________
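
Added example, not part of the thread and not FRST's own code: a small Python check that compares the "Content of fixlist" block of a Fixlog with the result lines below it and reports every fixlist entry that has no result or a non-success result. The parsing rules (service lines start with a state code such as `S2` and end the name with `;`, success is recognised by the word "successfully") are assumptions derived only from the log layout shown in this thread; the sample log is constructed.

```python
import re

# Constructed sample in the layout of the Fixlog posted above (paths are placeholders).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by SYSTEM at 2014-05-23 21:56:08 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
C:\Users\example\Desktop\sample.flv
S2 Winmgmt; C:\ProgramData\EXAMPLEDIR\example.dot [333556 2014-05-23] (Microsoft Corporation)
C:\ProgramData\EXAMPLEDIR
C:\Users\example\AppData\Local\Temp\*.dll
end
*****************

C:\Users\example\Desktop\sample.flv => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\EXAMPLEDIR => Moved successfully.

==== End of Fixlog ====
"""

# Assumption: a service entry looks like "S2 Name; path [size date] (vendor)".
# Service names may contain spaces, so match lazily up to the first ";".
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>.+?);\s")


def entry_key(entry):
    """Return the text that the result section uses to refer to a fixlist entry."""
    match = SERVICE_RE.match(entry)
    return match.group("name") if match else entry


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist entries and the 'target => outcome' results."""
    entries, results = [], {}
    in_list = seen_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start" and not seen_list:
            in_list = True
        elif line == "end" and in_list:
            in_list, seen_list = False, True
        elif in_list:
            if line:
                entries.append(line)
        elif seen_list and " => " in line:
            target, _, outcome = line.partition(" => ")
            results[target] = outcome
    return entries, results


def audit(text):
    """Classify every fixlist entry as ok, failed (with outcome text) or missing."""
    entries, results = parse_fixlog(text)
    report = {"ok": [], "failed": [], "missing": []}
    for entry in entries:
        outcome = results.get(entry_key(entry))
        if outcome is None:
            report["missing"].append(entry)
        elif "successfully" in outcome.lower():  # assumption: success wording as in the thread
            report["ok"].append(entry)
        else:
            report["failed"].append((entry, outcome))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_FIXLOG)
    for status in ("ok", "failed", "missing"):
        print(status, len(result[status]))
        for item in result[status]:
            print("   ", item)
```

In the constructed sample the `Temp\*.dll` entry has no result line, so it is reported as missing; in the Fixlog actually posted above, every entry has a matching success line.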

24.05.2014, 16:02   #4
M-K-D-B
/// TB-Ausbilder

Quote:
Quote from gesmo
What else do I need to do so that it disappears from the computer completely?
First, please download FRST again to the desktop and run a scan from there:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Greetings from Bavaria
M-K-D-B

24.05.2014, 16:36   #5
gesmo

Here from FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1
Ran by Hanling (administrator) on HANLING-PC on 24-05-2014 16:30:22
Running from C:\Users\hanla_000\Desktop
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-31] (Bitdefender)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ACPW07DE] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicRotation] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [MagicRotation Auto] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [557056 2013-09-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-31] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\MountPoints2: {4d8ed5b2-b7e0-11e2-bf55-000c55ff7c4a} - "R:\LaunchU3.exe" -a
Startup: C:\Users\hanla_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender-Geldbörse - {09F58E74-42B4-4D70-BA26-35FC954E7A17} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-02]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-14]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-22] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-31] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-02] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-02] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-10-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-27] (BitDefender SRL)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-23] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-02] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R1 MagicRotation; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-02] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-02] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 16:30 - 2014-05-24 16:30 - 00023227 _____ () C:\Users\hanla_000\Desktop\FRST.txt
2014-05-24 16:30 - 2014-05-24 16:30 - 00000000 ____D () C:\Users\hanla_000\Desktop\FRST-OlderVersion
2014-05-24 16:29 - 2014-05-24 16:30 - 02066432 _____ (Farbar) C:\Users\hanla_000\Desktop\FRST64.exe
2014-05-23 20:19 - 2014-05-24 16:30 - 00000000 ____D () C:\FRST
2014-05-23 17:40 - 2014-05-23 17:40 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2014-05-23 14:54 - 2014-05-23 15:00 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-18 12:46 - 2014-05-19 18:04 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 12:13 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-18 12:13 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-18 12:13 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-18 12:13 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-18 12:13 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-18 12:13 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-18 12:13 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-18 12:13 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-18 12:13 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-18 12:13 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-18 12:13 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-18 12:13 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-18 12:13 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-18 12:13 - 2014-04-11 08:13 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-05-18 12:13 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-18 12:13 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-18 12:13 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-18 12:13 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-18 12:13 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-18 12:13 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-18 12:13 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-18 12:13 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-18 12:13 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-18 12:13 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-18 12:13 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-18 12:13 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-18 12:13 - 2014-04-06 18:31 - 21268952 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-18 12:13 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-18 12:13 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-18 12:13 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01401224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-18 12:13 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-18 12:13 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-18 12:13 - 2014-04-06 17:22 - 18755672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-18 12:13 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-18 12:13 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-18 12:13 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-18 12:13 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-18 12:13 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-18 12:13 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-18 12:13 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-18 12:13 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-18 12:13 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-18 12:13 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-18 12:13 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-18 12:13 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-18 12:13 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-18 12:13 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-18 12:13 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-18 12:13 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-18 12:13 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-18 12:13 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-18 12:13 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-18 12:13 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-18 12:13 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-18 12:13 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-18 12:13 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-18 12:13 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-18 12:13 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-18 12:13 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-18 12:13 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-18 12:13 - 2014-04-03 04:22 - 03359744 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-18 12:13 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-18 12:13 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-18 12:13 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-18 12:13 - 2014-03-31 07:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-18 12:13 - 2014-03-31 07:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-18 12:13 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-18 12:13 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-18 12:13 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-18 12:13 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-18 12:13 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-18 12:13 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-18 12:13 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-18 12:13 - 2014-03-30 23:47 - 00872448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-18 12:13 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-18 12:13 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-18 12:13 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-18 12:13 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-18 12:13 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-18 12:13 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-18 12:13 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-18 12:13 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-18 12:13 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-18 12:13 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-18 12:13 - 2014-03-21 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-05-18 12:13 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-18 12:13 - 2014-03-20 02:51 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-05-18 12:13 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-18 12:13 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2014-05-18 12:13 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-18 12:13 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-18 12:13 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-18 12:13 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-18 12:13 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-18 12:13 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-18 12:13 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-18 12:13 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-18 12:13 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-18 12:13 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-18 12:13 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-18 12:13 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-18 12:13 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-18 12:13 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-18 12:13 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-18 12:13 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-18 12:13 - 2014-03-18 10:18 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb22.sys
2014-05-18 12:13 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-18 12:13 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-18 12:13 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-18 12:13 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-18 12:13 - 2014-03-17 05:01 - 00486912 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-18 12:13 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-18 12:13 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-18 12:13 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-18 12:13 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-18 12:13 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-18 12:12 - 2014-05-18 12:12 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-17 18:31 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-17 18:31 - 2014-05-17 18:31 - 00001027 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crewlog.lnk
2014-05-17 18:31 - 2008-10-20 09:34 - 00521552 ____N (ComponentOne LLC) C:\WINDOWS\SysWOW64\VSRpt8.ocx
2014-05-17 18:31 - 2008-10-20 09:34 - 00451880 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSPrint8.ocx
2014-05-17 18:31 - 2008-10-20 09:34 - 00222504 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSVPort8.ocx
2014-05-17 18:31 - 2008-10-20 09:07 - 00623920 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSFlex8.ocx
2014-05-17 18:31 - 2008-01-16 13:55 - 00349504 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\titime8.ocx
2014-05-17 18:31 - 2006-10-20 13:35 - 00064512 _____ () C:\WINDOWS\SysWOW64\shdocvw.oca
2014-05-17 18:31 - 2004-07-27 16:22 - 00856064 _____ (AppForge, Inc.) C:\WINDOWS\SysWOW64\afCore.dll
2014-05-17 18:31 - 2004-07-27 16:20 - 00081920 _____ (AppForge, Inc.) C:\WINDOWS\SysWOW64\pCOM.dll
2014-05-17 18:31 - 2003-09-12 20:19 - 00548864 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\tibase8.dll
2014-05-17 18:31 - 2003-09-12 19:00 - 00131072 ____N (ComponentOne LLC) C:\WINDOWS\SysWOW64\tishare8.dll
2014-05-17 18:31 - 2002-07-31 17:36 - 00094208 ____N (ST-software) C:\WINDOWS\SysWOW64\STrainbowbar.ocx
2014-05-17 18:31 - 2001-04-07 16:24 - 00044544 ____N () C:\WINDOWS\SysWOW64\Gif89.dll
2014-05-17 18:31 - 2000-12-06 06:00 - 00262328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSDATGRD.OCX
2014-05-17 18:31 - 2000-12-06 06:00 - 00109248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2014-05-17 18:31 - 2000-10-02 06:00 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6DE.DLL
2014-05-17 18:31 - 2000-05-22 06:00 - 00647872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00232640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSDATLST.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00140488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00118976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADODC.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.ocx
2014-05-17 18:31 - 2000-05-11 06:00 - 00397312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL
2014-05-17 18:31 - 2000-05-11 06:00 - 00077824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSBIND.DLL
2014-05-17 18:31 - 2000-03-14 06:00 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDOCURS.DLL
2014-05-17 18:31 - 2000-03-14 06:00 - 00118784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-05-17 18:31 - 1998-11-25 22:25 - 00018944 _____ ( ) C:\WINDOWS\SysWOW64\implode.dll
2014-05-17 18:31 - 1998-10-30 06:02 - 00901120 _____ (Three |D| Graphics, Inc.) C:\WINDOWS\SysWOW64\sscsdk32.dll
2014-05-17 18:31 - 1998-07-06 06:00 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCMCDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDO20DE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCC2DE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CMDLGDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DATLSDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DATGDDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ADODCDE.DLL
2014-05-17 18:31 - 1998-06-18 06:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2014-05-17 18:31 - 1998-05-29 02:49 - 00026624 ____N (Seagate Software, Inc.) C:\WINDOWS\SysWOW64\CDO32.dll
2014-05-17 18:29 - 2014-05-24 12:21 - 00007362 _____ () C:\WINDOWS\AutoKMS.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-17 13:56 - 2014-05-24 15:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-17 13:46 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 13:46 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-05-16 18:00 - 2014-05-16 18:42 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 20:04 - 2014-05-15 20:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-14 16:44 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 16:44 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 16:44 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 16:44 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 16:44 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 16:43 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 16:43 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 16:43 - 2014-05-06 05:00 - 00084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 16:43 - 2014-05-06 04:10 - 00069632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 16:43 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 16:43 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 16:43 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 16:43 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 16:43 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 16:43 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 16:43 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 16:43 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 16:43 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 16:43 - 2014-04-11 05:05 - 00123904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 16:43 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 16:43 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 16:43 - 2014-04-11 05:01 - 00137728 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 16:43 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 16:43 - 2014-04-11 04:59 - 00666624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 16:43 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 16:43 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 16:43 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 16:43 - 2014-04-11 04:53 - 00827392 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 16:43 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 16:43 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 16:43 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 16:43 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 16:43 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 16:43 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 16:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 16:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 16:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 16:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-09 18:00 - 2014-05-18 12:21 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-07 17:12 - 2014-05-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2014-05-07 16:47 - 2014-05-07 16:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 16:39 - 2014-05-07 16:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-26 22:31 - 2014-04-26 22:32 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 17:40 - 2014-04-25 17:40 - 00000000 _____ () C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 17:13 - 2014-04-25 17:13 - 00003826 ____N () C:\WINDOWS\System32\Tasks\Security Center Update - 4185919329
2014-04-25 17:13 - 2014-04-25 17:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 15:36 - 2014-03-26 23:40 - 00601432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-04-25 15:34 - 2014-03-27 14:45 - 31270856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 25257416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 23785416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 17561544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 17467048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 15964736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 13158232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-04-25 15:34 - 2014-03-27 14:45 - 11644392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 11598560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 09734744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 09697128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 03139928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02949976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02785056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02413344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433750.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 01539416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433750.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00894752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00891168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00864600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00859592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00836544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00166568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00146480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-04-25 15:34 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-04-25 15:34 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-04-25 15:29 - 2014-04-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 14:49 - 2014-04-25 14:49 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\hanla_000\Intel

==================== One Month Modified Files and Folders =======

2014-05-24 16:30 - 2014-05-24 16:30 - 00023227 _____ () C:\Users\hanla_000\Desktop\FRST.txt
2014-05-24 16:30 - 2014-05-24 16:30 - 00000000 ____D () C:\Users\hanla_000\Desktop\FRST-OlderVersion
2014-05-24 16:30 - 2014-05-24 16:29 - 02066432 _____ (Farbar) C:\Users\hanla_000\Desktop\FRST64.exe
2014-05-24 16:30 - 2014-05-23 20:19 - 00000000 ____D () C:\FRST
2014-05-24 16:29 - 2013-08-14 12:21 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan
2014-05-24 16:12 - 2013-04-27 11:02 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-24 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-24 15:31 - 2014-05-17 13:56 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-24 14:35 - 2012-12-28 21:38 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\vlc
2014-05-24 12:41 - 2013-12-02 20:01 - 02042361 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-24 12:29 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-24 12:29 - 2013-09-30 05:58 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-24 12:29 - 2013-09-30 05:58 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-24 12:27 - 2012-12-28 22:21 - 00000000 _____ () C:\WINDOWS\Path.idx
2014-05-24 12:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-24 12:22 - 2012-12-28 22:16 - 01048576 _____ () C:\WINDOWS\PE_Rom.dll
2014-05-24 12:21 - 2014-05-17 18:29 - 00007362 _____ () C:\WINDOWS\AutoKMS.log
2014-05-24 12:21 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-24 12:21 - 2013-07-31 18:45 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat
2014-05-24 12:21 - 2013-01-02 00:03 - 00003494 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-05-24 01:32 - 2012-12-28 21:08 - 00003030 _____ () C:\WINDOWS\System32\Tasks\MSIAfterburner
2014-05-23 22:56 - 2013-12-02 20:23 - 00000000 ____D () C:\Users\hanla_000
2014-05-23 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-23 17:40 - 2014-05-23 17:40 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2014-05-23 16:06 - 2013-11-24 20:13 - 00000000 ____D () C:\WINDOWS\pss
2014-05-23 15:56 - 2012-12-28 17:56 - 00000000 ___RD () C:\Users\hanla_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart
2014-05-23 15:47 - 2013-09-30 06:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-23 15:47 - 2012-12-29 20:17 - 00000000 ____D () C:\ProgramData\pdf995
2014-05-23 15:47 - 2012-12-28 21:24 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Winamp
2014-05-23 15:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-05-23 15:00 - 2014-05-23 14:54 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 14:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-23 14:18 - 2012-12-28 18:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-719912548-1546492267-3311168217-1001
2014-05-21 23:11 - 2014-01-09 23:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-05-21 19:26 - 2012-12-28 22:21 - 00003039 _____ () C:\WINDOWS\MB.idx
2014-05-21 16:28 - 2012-12-30 15:13 - 00000000 ____D () C:\ProgramData\Origin
2014-05-21 16:27 - 2013-09-26 18:19 - 00000000 ____D () C:\Users\hanla_000\Desktop\ebay
2014-05-19 18:04 - 2014-05-18 12:46 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 20:35 - 2012-12-30 02:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Apple Computer
2014-05-18 16:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-18 13:24 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 13:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-18 12:21 - 2014-05-09 18:00 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-18 12:21 - 2014-03-01 12:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-18 12:21 - 2013-12-23 19:05 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-18 12:21 - 2013-08-21 20:23 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-05-18 12:21 - 2013-05-24 12:57 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-05-18 12:21 - 2013-04-05 17:30 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-18 12:21 - 2012-12-30 01:41 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-05-18 12:21 - 2012-12-29 20:36 - 00000000 ____D () C:\Program Files (x86)\Movies2iPhone
2014-05-18 12:21 - 2012-12-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 12:20 - 2014-05-17 18:31 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-18 12:20 - 2013-12-02 20:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 12:20 - 2013-09-30 06:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-05-18 12:20 - 2013-04-20 22:23 - 00000000 ____D () C:\Program Files\Recuva
2014-05-18 12:20 - 2013-01-02 00:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-05-18 12:20 - 2012-12-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-18 12:20 - 2012-12-30 02:15 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-05-18 12:20 - 2012-12-29 20:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Wise Registry Cleaner
2014-05-18 12:20 - 2012-12-29 19:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 12:20 - 2012-12-28 22:13 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ASUS
2014-05-18 12:20 - 2012-12-28 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia
2014-05-18 12:20 - 2012-12-28 21:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-18 12:20 - 2012-12-28 18:24 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-18 12:14 - 2013-08-22 16:44 - 00496880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-18 12:12 - 2014-05-18 12:12 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-17 18:31 - 2014-05-17 18:31 - 00001027 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crewlog.lnk
2014-05-17 18:28 - 2014-05-17 18:28 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-17 18:21 - 2012-12-28 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2014-05-17 13:56 - 2012-12-30 02:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Apple Computer
2014-05-17 13:46 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 13:46 - 2012-12-30 02:27 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 22:36 - 2012-12-28 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware
2014-05-16 18:42 - 2014-05-16 18:00 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 20:04 - 2014-05-15 20:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 20:04 - 2014-01-09 19:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 20:04 - 2014-01-09 19:45 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 20:04 - 2013-07-31 18:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 20:04 - 2013-07-31 18:43 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 17:03 - 2013-01-01 19:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 17:02 - 2013-07-19 14:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 17:01 - 2012-12-28 18:13 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 23:41 - 2014-01-16 17:19 - 00002457 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 20:13 - 2013-04-27 11:02 - 00003772 ____N () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-09 18:01 - 2014-03-03 21:46 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\mkvtoolnix
2014-05-07 17:12 - 2014-05-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2014-05-07 17:12 - 2012-12-28 20:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 16:47 - 2014-05-07 16:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 16:39 - 2014-05-07 16:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-06 06:40 - 2014-05-14 16:43 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 16:43 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 16:43 - 00084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 16:43 - 00069632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-02 17:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 16:26 - 2012-12-28 19:26 - 00000145 _____ () C:\Users\hanla_000\Desktop\Passes.txt
2014-04-26 22:32 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 17:40 - 2014-04-25 17:40 - 00000000 _____ () C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 17:13 - 2014-04-25 17:13 - 00003826 ____N () C:\WINDOWS\System32\Tasks\Security Center Update - 4185919329
2014-04-25 17:13 - 2014-04-25 17:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 15:36 - 2013-12-02 20:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-25 15:36 - 2013-12-02 20:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-25 15:29 - 2014-04-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 15:09 - 2013-01-16 12:45 - 04700560 _____ () C:\WINDOWS\PE_File.dll
2014-04-25 14:50 - 2012-12-28 21:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-25 14:49 - 2014-04-25 14:49 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2014-04-25 14:46 - 2012-12-28 21:46 - 00000000 ____D () C:\ProgramData\Intel
2014-04-25 14:46 - 2012-12-28 21:46 - 00000000 ____D () C:\Program Files\Intel
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\hanla_000\Intel
2014-04-24 14:47 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Ajdvworks

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-18 12:13] - [2014-03-28 17:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-18 12:13] - [2014-03-06 14:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-05-24 12:31

==================== End Of Log ============================
         
--- --- ---


24.05.2014, 16:37   #6
gesmo



And here is the output from Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2014 1
Ran by Hanling at 2014-05-24 16:30:37
Running from C:\Users\hanla_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

ACDSee Pro 7 (64-bit) (HKLM\...\{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}) (Version: 7.0.138 - ACD Systems International Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assassins Creed IV Black Flag Digital Deluxe Edition MULTI-5 1.01 (HKLM-x32\...\Assassins Creed IV Black Flag Digital Deluxe Edition MULTI-5 1.01) (Version:  - )
Assassins Creed IV Black Flag Update v1.04 Plus Schrei nach Freiheit DLC MULTI-5 1.04 (HKLM-x32\...\Assassins Creed IV Black Flag Update v1.04 Plus Schrei nach Freiheit DLC MULTI-5 1.04) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.15.0.682 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Crewlog Version 4.3.0 (HKLM-x32\...\{C5ECC549-07F0-4584-9A5C-4B23BC73CAC4}_is1) (Version:  - Mikelsoft.com)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DDBAC (HKLM-x32\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.6.13644 - Blizzard Entertainment)
die Ablage für Ihre Dienstpläne (HKLM-x32\...\Dienstplanablage_is1) (Version:  - Mikelsoft.com)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HP ENVY 110 series - Grundlegende Software für das Gerät (HKLM\...\{8CA09F9B-A122-4F50-9A6F-7909106019F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 110 series Hilfe (HKLM-x32\...\{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Just Flight - 757 Jetliner Freemium (HKLM-x32\...\{B0F7B3B5-E856-4558-BD7C-BDA32943C783}) (Version: 1.00.000 - Just Flight)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
MagicRotation Auto (HKLM-x32\...\{31DBA23B-55DA-48F5-B5B4-A031B722F648}) (Version: 4.14 - Samsung Electronics Co., Ltd.)
Metro Last Light (HKLM-x32\...\Metro Last Light_is1) (Version: 2.0.0.0 - )
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
MKVToolNix 6.9.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
Movies2iPhone 2.18 for Windows (HKLM-x32\...\Movies2iPhone) (Version: 2.18 for Windows - OKprods Ltd)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Burning ROM (x32 Version: 12.0.28001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (HKLM-x32\...\{C0CA68BF-2963-4139-8207-1E83038F86F8}) (Version: 12.0.00800 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18900 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller-Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.50 (Version: 337.50 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
PDF Editor 2 (HKLM-x32\...\PDF Editor 2) (Version:  - )
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
PhoneClean 3.3.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.3.0 - iMobie Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.72.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Kone[+] Mouse Driver (HKLM-x32\...\{B99CB207-4704-4C51-9309-0FA90AA26DD4}) (Version:  - Roccat GmbH)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadowrun Returns (HKLM-x32\...\Shadowrun Returns_is1) (Version:  - Harebrained Holdings)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.41 - Stardock Software, Inc.)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{6C9BC997-B9E5-482B-99EC-F02C8FDD91A8}) (Version: 9.0 - Star Finanz GmbH)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VEGA Fokker 100 Workstation (HKLM-x32\...\VEGA Fokker 100 Workstation) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{9A265E7E-5602-44DB-8B4D-A25C58D02489}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{0CADB637-714E-4F47-83C7-F11FEFC930D6}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Restore Points  =========================

21-05-2014 15:24:39 Geplanter Prüfpunkt
23-05-2014 13:39:38 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AB80C7F-2822-4143-BAED-5BA12D1FEACC} - System32\Tasks\Western Digital\SmartWare\____Volume_82b9e55c_a800_4439_8808_6092b802c9c7______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10A29629-EEA6-474B-8F01-FB98CF20DF80} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {19D0010E-DB67-4CE9-971A-EE24FBAB91A9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {477B9808-2E2A-4049-9681-7152A6182945} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A48F181-FE5D-4A64-8D6C-41C79CDA7EC5} - System32\Tasks\Western Digital\SmartWare\____Volume_6faabf9c_dac2_4787_a568_19cb6f816751______Volume_37fc0d47_f956_11e2_bfc7_000c55ff7c4a__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {52FE369D-89BD-4431-BF2E-873D17BCE39A} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {5F16F6DC-920F-4341-97E1-B326173BE101} - System32\Tasks\Security Center Update - 4185919329 => C:\Users\hanla_000\AppData\Roaming\Kuqybobi\yndymyu.exe <==== ATTENTION
Task: {61A43431-B88D-4177-A528-D6F691A8CB17} - System32\Tasks\Western Digital\SmartWare\____Volume_82b9e55c_a800_4439_8808_6092b802c9c7______Volume_37fc0d47_f956_11e2_bfc7_000c55ff7c4a__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {64C3E37E-B2BA-424E-B4BD-68D5514D05CC} - System32\Tasks\Western Digital\SmartWare\____Volume_99bbf52b_63df_428e_bdc1_214927ffcfa0______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75DF9584-8173-466F-8819-8AE63685DE04} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2013-01-28] ()
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A5626C2-B9CD-490E-B082-5105807D7355} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {8082747B-2C2A-4C96-81FC-227F61927D81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8302BD30-6BAA-40B9-8641-2CA0C296945E} - System32\Tasks\Western Digital\SmartWare\____Volume_f3f70d0d_9bf9_48fd_a6e5_2ae0ac805a3c______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87CD3EC9-41A4-4D56-8246-59C33370432B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E1ABC29-11EA-43DD-A775-B5FEA70F4DA1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9089F83C-6C01-49ED-A829-4CAC472D57CD} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A202D91F-2991-4247-8849-F09EFA536A63} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender)
Task: {A86A7A10-D8B1-4A9D-92B4-3095CA6384CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A8AC44C7-06F2-4CAC-B4ED-C464D97B9C84} - System32\Tasks\Western Digital\SmartWare\____Volume_18bfbc07_16f0_492e_a045_94e654284a0e______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {B560C040-AFA6-4B41-A183-196EF5873D04} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {B94F3A4D-AB97-4FD7-84CB-6DC6F0ABB719} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {BB2D35A0-EC15-41F9-A0F6-80223C659C7D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C5E3CF1E-CFB0-482F-8873-CE842A54081A} - System32\Tasks\Western Digital\SmartWare\____Volume_6faabf9c_dac2_4787_a568_19cb6f816751______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E686F081-B5E2-4B21-8481-EA0D7D889928} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA80EDE2-3138-4C0D-83C7-768B8EEF2677} - System32\Tasks\Western Digital\SmartWare\____Volume_dfbc422e_5105_11e2_be65_806e6f6e6963______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {EBB9B7C9-5651-4552-91EC-11323D6327BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F00E1406-BD2E-4626-B847-CB7D81D1A571} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {F1E1EB65-7882-47E4-A305-17AA11073BC7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {FE4052B4-80D3-4F4D-96EB-AF69872C940D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 12:21 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-08-14 12:21 - 2013-08-05 19:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-08-14 12:21 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-08-14 12:21 - 2013-08-05 19:08 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-03-25 17:00 - 2014-03-25 17:00 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_016\ashttpbr.mdl
2014-03-25 17:00 - 2014-03-25 17:00 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_016\ashttpdsp.mdl
2014-03-25 17:00 - 2014-03-25 17:00 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_016\ashttpph.mdl
2014-03-25 17:00 - 2014-03-25 17:00 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_016\ashttprbl.mdl
2013-12-02 20:01 - 2014-03-27 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-29 20:17 - 2013-01-07 11:13 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll
2012-12-30 20:13 - 2013-12-21 21:18 - 00076888 ____N () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 ____N () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-04-25 15:42 - 2013-01-14 16:37 - 01406776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-28 22:13 - 2012-06-01 18:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-11-04 19:42 - 2012-11-04 19:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-06 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-06 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2014-04-25 15:42 - 2013-01-14 17:16 - 05771136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-04-25 15:42 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-02-05 23:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2012-12-28 22:13 - 2014-05-24 12:21 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-12-28 22:13 - 2010-06-29 11:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2012-12-28 22:15 - 2012-05-17 19:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-12-28 22:15 - 2012-07-05 13:05 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-08-14 12:21 - 2014-03-31 16:13 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-21 20:23 - 2013-11-28 13:14 - 00013824 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00098816 _____ () C:\Program Files (x86)\Samsung SSD Magician\PAL.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00034304 _____ () C:\Program Files (x86)\Samsung SSD Magician\SATA.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00032768 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAT.dll
2013-12-09 17:46 - 2013-11-28 20:00 - 00031232 _____ () C:\Program Files (x86)\Samsung SSD Magician\SMINI.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00029696 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAS.dll
2012-12-28 22:13 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-12-28 22:13 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-12-28 22:13 - 2011-09-26 20:36 - 00869376 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2012-12-28 22:13 - 2012-10-08 17:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-04-25 15:42 - 2013-01-15 15:30 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2012-12-28 22:14 - 2012-06-19 13:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-12-28 22:14 - 2012-07-25 10:56 - 01124864 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2012-12-28 22:14 - 2012-07-20 10:39 - 01047040 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-12-28 22:13 - 2013-04-15 14:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-12-28 22:13 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-12-28 22:13 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-12-28 22:13 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-12-28 22:13 - 2012-08-29 18:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-12-28 22:13 - 2010-08-23 11:17 - 00662016 ____N () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2012-12-28 22:13 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-12-28 22:15 - 2012-01-19 10:39 - 00028672 ____N () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2012-12-28 22:15 - 2010-09-23 12:51 - 00114688 ____N () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2012-12-28 22:15 - 2010-02-25 15:01 - 00139264 ____N () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2013-11-27 18:41 - 2010-06-22 14:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
2012-12-28 22:13 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2012-12-28 21:46 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\hanla_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\hanla_000\Desktop\TonidoLiteSetup.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer9 => 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2014 04:21:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:21:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 27300iyad.ImmoToTouch_c5z5adpz9ee9p5

Error: (05/24/2014 04:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215e1f6
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 6.3.9600.17093, Zeitstempel: 0x53475c9a
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000000547ac
ID des fehlerhaften Prozesses: 0x8a8
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (05/24/2014 03:51:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 03:51:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5


System errors:
=============
Error: (05/24/2014 01:09:51 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2014 01:09:21 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2014 00:58:39 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2014 00:58:09 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2014 00:32:30 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2014 00:32:00 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2014 00:21:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎05.‎2014 um 01:31:39 unerwartet heruntergefahren.

Error: (05/24/2014 00:21:14 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841263008

Error: (05/23/2014 10:15:30 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/23/2014 10:15:00 PM) (Source: DCOM) (EventID: 10010) (User: Hanling-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (05/24/2014 04:21:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:21:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 04:06:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 27300iyad.ImmoToTouch_c5z5adpz9ee9p5

Error: (05/24/2014 04:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1709353475c9ac000027b00000000000547ac8a801cf775959daf91fC:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll9792ba7e-e34c-11e3-81c8-000c55ff7c4a27300iyad.ImmoToTouch_2.1.0.0_x64__c5z5adpz9ee9pApp

Error: (05/24/2014 03:51:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 03:51:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5


CodeIntegrity Errors:
===================================
  Date: 2013-02-01 09:30:16.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 23:33:35.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 22:28:54.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 22:20:10.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 21:24:21.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:43:51.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:26:13.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:19:45.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-30 23:56:40.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-30 23:48:03.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 16329.48 MB
Available physical RAM: 13234.93 MB
Total Pagefile: 18761.48 MB
Available Pagefile: 14457.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:237.91 GB) (Free:38.07 GB) NTFS
Drive d: (Dateien) (Fixed) (Total:1024 GB) (Free:104.04 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:400 GB) (Free:58.02 GB) NTFS
Drive f: (Dateien (1,33TB)) (Fixed) (Total:1370.39 GB) (Free:85.7 GB) NTFS
Drive g: (Dateien (1,81TB)) (Fixed) (Total:1863.01 GB) (Free:20.87 GB) NTFS
Drive h: (Dateien (2,72TB)) (Fixed) (Total:2794.39 GB) (Free:110.17 GB) NTFS
Drive k: (8GB STICK) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
Drive p: (My Book 4TB) (Fixed) (Total:3725.99 GB) (Free:1100.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 0B36A66C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD1BFA18)
Partition 2: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 4820A7E8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: B08D6C99)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 7 GB) (Disk ID: 67ADC4EE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.

==================== End Of Log ============================
         

24.05.2014, 17:07   #7
M-K-D-B
/// TB Trainer
 



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 3
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






In your next reply, please post
  • the AdwCleaner log file,
  • the JRT log file,
  • the MBAM log file,
  • the two new FRST log files.
__________________
Greetings from Bavaria
M-K-D-B


24.05.2014, 17:41   #8
gesmo
 



So, here are the requested logs:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.210 - Bericht erstellt am 24/05/2014 um 17:24:14
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center  (64 bits)
# Benutzername : Hanling - HANLING-PC
# Gestartet von : C:\Users\hanla_000\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\hanla_000\AppData\Roaming\software4u

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


*************************

AdwCleaner[R0].txt - [941 octets] - [24/05/2014 17:23:56]
AdwCleaner[S0].txt - [809 octets] - [24/05/2014 17:24:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [868 octets] ##########
         



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Hanling on 24.05.2014 at 17:28:55,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\hanla_000\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2014 at 17:31:01,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2014
Suchlauf-Zeit: 17:32:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.24.04
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hanling

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308572
Verstrichene Zeit: 3 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
Riskware.BitcoinMiner, C:\Users\hanla_000\AppData\Local\Temp\msupdate71\msupdate.7z, In Quarantäne, [112376df7dfe5adc3208f74ba75a58a8], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1
Ran by Hanling (administrator) on HANLING-PC on 24-05-2014 17:39:23
Running from C:\Users\hanla_000\Desktop
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-31] (Bitdefender)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ACPW07DE] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicRotation] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [MagicRotation Auto] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [557056 2013-09-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-31] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-719912548-1546492267-3311168217-1001\...\MountPoints2: {4d8ed5b2-b7e0-11e2-bf55-000c55ff7c4a} - "R:\LaunchU3.exe" -a
Startup: C:\Users\hanla_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender-Geldbörse - {09F58E74-42B4-4D70-BA26-35FC954E7A17} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-02]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-14]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-22] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-31] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-02] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-02] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-10-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-27] (BitDefender SRL)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-23] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-02] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R1 MagicRotation; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-02] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-02] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 17:39 - 2014-05-24 17:39 - 00023067 _____ () C:\Users\hanla_000\Desktop\FRST.txt
2014-05-24 17:39 - 2014-05-24 17:39 - 00001254 _____ () C:\Users\hanla_000\Desktop\mbam.txt
2014-05-24 17:31 - 2014-05-24 17:38 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 17:31 - 2014-05-24 17:31 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-24 17:31 - 2014-05-24 17:31 - 00000976 _____ () C:\Users\hanla_000\Desktop\JRT.txt
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-24 17:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-24 17:31 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-24 17:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-24 17:28 - 2014-05-24 17:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-24 17:24 - 2014-05-24 17:24 - 00000947 _____ () C:\Users\hanla_000\Desktop\AdwCleaner[S0].txt
2014-05-24 17:23 - 2014-05-24 17:28 - 00000000 ____D () C:\AdwCleaner
2014-05-24 17:22 - 2014-05-24 17:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hanla_000\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-24 17:22 - 2014-05-24 17:22 - 01016261 _____ (Thisisu) C:\Users\hanla_000\Desktop\JRT.exe
2014-05-24 17:20 - 2014-05-24 17:20 - 01326389 _____ () C:\Users\hanla_000\Desktop\adwcleaner_3.210.exe
2014-05-24 16:30 - 2014-05-24 16:30 - 00000000 ____D () C:\Users\hanla_000\Desktop\FRST-OlderVersion
2014-05-24 16:29 - 2014-05-24 16:30 - 02066432 _____ (Farbar) C:\Users\hanla_000\Desktop\FRST64.exe
2014-05-23 20:19 - 2014-05-24 17:39 - 00000000 ____D () C:\FRST
2014-05-23 17:40 - 2014-05-23 17:40 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2014-05-23 14:54 - 2014-05-23 15:00 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-18 12:46 - 2014-05-19 18:04 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 12:13 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-18 12:13 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-18 12:13 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-18 12:13 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-18 12:13 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-18 12:13 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-18 12:13 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-18 12:13 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-18 12:13 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-18 12:13 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-18 12:13 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-18 12:13 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-18 12:13 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-18 12:13 - 2014-04-11 08:13 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-05-18 12:13 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-18 12:13 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-18 12:13 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-18 12:13 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-18 12:13 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-18 12:13 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-18 12:13 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-18 12:13 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-18 12:13 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-18 12:13 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-18 12:13 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-18 12:13 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-18 12:13 - 2014-04-06 18:31 - 21268952 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-18 12:13 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-18 12:13 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-18 12:13 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01401224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-18 12:13 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-18 12:13 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-18 12:13 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-18 12:13 - 2014-04-06 17:22 - 18755672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-18 12:13 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-18 12:13 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-18 12:13 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-18 12:13 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-18 12:13 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-18 12:13 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-18 12:13 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-18 12:13 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-18 12:13 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-18 12:13 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-18 12:13 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-18 12:13 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-18 12:13 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-18 12:13 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-18 12:13 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-18 12:13 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-18 12:13 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-18 12:13 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-18 12:13 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-18 12:13 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-18 12:13 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-18 12:13 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-18 12:13 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-18 12:13 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-18 12:13 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-18 12:13 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-18 12:13 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-18 12:13 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-18 12:13 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-18 12:13 - 2014-04-03 04:22 - 03359744 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-18 12:13 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-18 12:13 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-18 12:13 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-18 12:13 - 2014-03-31 07:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-18 12:13 - 2014-03-31 07:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-18 12:13 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-18 12:13 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-18 12:13 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-18 12:13 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-18 12:13 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-18 12:13 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-18 12:13 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-18 12:13 - 2014-03-30 23:47 - 00872448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-18 12:13 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-18 12:13 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-18 12:13 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-18 12:13 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-18 12:13 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-18 12:13 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-18 12:13 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-18 12:13 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-18 12:13 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-18 12:13 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-18 12:13 - 2014-03-21 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-05-18 12:13 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-18 12:13 - 2014-03-20 02:51 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-05-18 12:13 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-18 12:13 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2014-05-18 12:13 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-18 12:13 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-18 12:13 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-18 12:13 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-18 12:13 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-18 12:13 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-18 12:13 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-18 12:13 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-18 12:13 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-18 12:13 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-18 12:13 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-18 12:13 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-18 12:13 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-18 12:13 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-18 12:13 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-18 12:13 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-18 12:13 - 2014-03-18 10:18 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb22.sys
2014-05-18 12:13 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-18 12:13 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-18 12:13 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-18 12:13 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-18 12:13 - 2014-03-17 05:01 - 00486912 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-18 12:13 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-18 12:13 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-18 12:13 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-18 12:13 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-18 12:13 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-18 12:12 - 2014-05-18 12:12 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-17 18:31 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-17 18:31 - 2014-05-17 18:31 - 00001027 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crewlog.lnk
2014-05-17 18:31 - 2008-10-20 09:34 - 00521552 ____N (ComponentOne LLC) C:\WINDOWS\SysWOW64\VSRpt8.ocx
2014-05-17 18:31 - 2008-10-20 09:34 - 00451880 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSPrint8.ocx
2014-05-17 18:31 - 2008-10-20 09:34 - 00222504 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSVPort8.ocx
2014-05-17 18:31 - 2008-10-20 09:07 - 00623920 ____N (ComponentOne) C:\WINDOWS\SysWOW64\VSFlex8.ocx
2014-05-17 18:31 - 2008-01-16 13:55 - 00349504 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\titime8.ocx
2014-05-17 18:31 - 2006-10-20 13:35 - 00064512 _____ () C:\WINDOWS\SysWOW64\shdocvw.oca
2014-05-17 18:31 - 2004-07-27 16:22 - 00856064 _____ (AppForge, Inc.) C:\WINDOWS\SysWOW64\afCore.dll
2014-05-17 18:31 - 2004-07-27 16:20 - 00081920 _____ (AppForge, Inc.) C:\WINDOWS\SysWOW64\pCOM.dll
2014-05-17 18:31 - 2003-09-12 20:19 - 00548864 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\tibase8.dll
2014-05-17 18:31 - 2003-09-12 19:00 - 00131072 ____N (ComponentOne LLC) C:\WINDOWS\SysWOW64\tishare8.dll
2014-05-17 18:31 - 2002-07-31 17:36 - 00094208 ____N (ST-software) C:\WINDOWS\SysWOW64\STrainbowbar.ocx
2014-05-17 18:31 - 2001-04-07 16:24 - 00044544 ____N () C:\WINDOWS\SysWOW64\Gif89.dll
2014-05-17 18:31 - 2000-12-06 06:00 - 00262328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSDATGRD.OCX
2014-05-17 18:31 - 2000-12-06 06:00 - 00109248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2014-05-17 18:31 - 2000-10-02 06:00 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6DE.DLL
2014-05-17 18:31 - 2000-05-22 06:00 - 00647872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00232640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSDATLST.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00140488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00118976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADODC.OCX
2014-05-17 18:31 - 2000-05-22 06:00 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.ocx
2014-05-17 18:31 - 2000-05-11 06:00 - 00397312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL
2014-05-17 18:31 - 2000-05-11 06:00 - 00077824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSBIND.DLL
2014-05-17 18:31 - 2000-03-14 06:00 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDOCURS.DLL
2014-05-17 18:31 - 2000-03-14 06:00 - 00118784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-05-17 18:31 - 1998-11-25 22:25 - 00018944 _____ ( ) C:\WINDOWS\SysWOW64\implode.dll
2014-05-17 18:31 - 1998-10-30 06:02 - 00901120 _____ (Three |D| Graphics, Inc.) C:\WINDOWS\SysWOW64\sscsdk32.dll
2014-05-17 18:31 - 1998-07-06 06:00 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCMCDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDO20DE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCC2DE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CMDLGDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DATLSDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DATGDDE.DLL
2014-05-17 18:31 - 1998-07-06 06:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ADODCDE.DLL
2014-05-17 18:31 - 1998-06-18 06:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2014-05-17 18:31 - 1998-05-29 02:49 - 00026624 ____N (Seagate Software, Inc.) C:\WINDOWS\SysWOW64\CDO32.dll
2014-05-17 18:29 - 2014-05-24 17:38 - 00008180 _____ () C:\WINDOWS\AutoKMS.log
2014-05-17 18:28 - 2014-05-24 17:26 - 00000660 _____ () C:\WINDOWS\PFRO.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-17 13:56 - 2014-05-24 15:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-17 13:46 - 2014-05-18 12:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-17 13:46 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 13:46 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-05-16 18:00 - 2014-05-16 18:42 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 20:04 - 2014-05-15 20:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-14 16:44 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 16:44 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 16:44 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 16:44 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 16:44 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 16:43 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 16:43 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 16:43 - 2014-05-06 05:00 - 00084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 16:43 - 2014-05-06 04:10 - 00069632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 16:43 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 16:43 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 16:43 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 16:43 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 16:43 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 16:43 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 16:43 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 16:43 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 16:43 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 16:43 - 2014-04-11 05:05 - 00123904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 16:43 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 16:43 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 16:43 - 2014-04-11 05:01 - 00137728 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 16:43 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 16:43 - 2014-04-11 04:59 - 00666624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 16:43 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 16:43 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 16:43 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 16:43 - 2014-04-11 04:53 - 00827392 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 16:43 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 16:43 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 16:43 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 16:43 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 16:43 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 16:43 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 16:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 16:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 16:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 16:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-09 18:00 - 2014-05-18 12:21 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-07 17:12 - 2014-05-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2014-05-07 16:47 - 2014-05-07 16:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 16:39 - 2014-05-07 16:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-26 22:31 - 2014-04-26 22:32 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 17:40 - 2014-04-25 17:40 - 00000000 _____ () C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 17:13 - 2014-04-25 17:13 - 00003826 ____N () C:\WINDOWS\System32\Tasks\Security Center Update - 4185919329
2014-04-25 17:13 - 2014-04-25 17:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 15:36 - 2014-03-26 23:40 - 00601432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-04-25 15:34 - 2014-03-27 14:45 - 31270856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 25257416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 23785416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 17561544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 17467048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 15964736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 13158232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-04-25 15:34 - 2014-03-27 14:45 - 11644392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 11598560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 09734744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 09697128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 03139928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02949976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02785056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 02413344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433750.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 01539416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433750.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00894752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00891168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00864600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00859592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00836544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00166568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-04-25 15:34 - 2014-03-27 14:45 - 00146480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-04-25 15:34 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-04-25 15:34 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-04-25 15:29 - 2014-04-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 14:49 - 2014-04-25 14:49 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\hanla_000\Intel

==================== One Month Modified Files and Folders =======

2014-05-24 17:39 - 2014-05-24 17:39 - 00023067 _____ () C:\Users\hanla_000\Desktop\FRST.txt
2014-05-24 17:39 - 2014-05-24 17:39 - 00001254 _____ () C:\Users\hanla_000\Desktop\mbam.txt
2014-05-24 17:39 - 2014-05-23 20:19 - 00000000 ____D () C:\FRST
2014-05-24 17:38 - 2014-05-24 17:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 17:38 - 2014-05-17 18:29 - 00008180 _____ () C:\WINDOWS\AutoKMS.log
2014-05-24 17:38 - 2013-12-02 20:01 - 02079341 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-24 17:38 - 2013-07-31 18:45 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat
2014-05-24 17:38 - 2013-01-02 00:03 - 00003494 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-05-24 17:38 - 2012-12-28 22:16 - 01048576 _____ () C:\WINDOWS\PE_Rom.dll
2014-05-24 17:37 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-24 17:37 - 2012-12-28 21:08 - 00003030 _____ () C:\WINDOWS\System32\Tasks\MSIAfterburner
2014-05-24 17:33 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-24 17:33 - 2013-09-30 05:58 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-24 17:33 - 2013-09-30 05:58 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-24 17:32 - 2012-12-28 22:21 - 00000000 _____ () C:\WINDOWS\Path.idx
2014-05-24 17:31 - 2014-05-24 17:31 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-24 17:31 - 2014-05-24 17:31 - 00000976 _____ () C:\Users\hanla_000\Desktop\JRT.txt
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 17:31 - 2014-05-24 17:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-24 17:28 - 2014-05-24 17:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-24 17:28 - 2014-05-24 17:23 - 00000000 ____D () C:\AdwCleaner
2014-05-24 17:28 - 2013-08-14 12:21 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan
2014-05-24 17:26 - 2014-05-17 18:28 - 00000660 _____ () C:\WINDOWS\PFRO.log
2014-05-24 17:24 - 2014-05-24 17:24 - 00000947 _____ () C:\Users\hanla_000\Desktop\AdwCleaner[S0].txt
2014-05-24 17:23 - 2012-12-28 21:38 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\vlc
2014-05-24 17:22 - 2014-05-24 17:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hanla_000\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-24 17:22 - 2014-05-24 17:22 - 01016261 _____ (Thisisu) C:\Users\hanla_000\Desktop\JRT.exe
2014-05-24 17:20 - 2014-05-24 17:20 - 01326389 _____ () C:\Users\hanla_000\Desktop\adwcleaner_3.210.exe
2014-05-24 17:12 - 2013-04-27 11:02 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-24 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-24 16:30 - 2014-05-24 16:30 - 00000000 ____D () C:\Users\hanla_000\Desktop\FRST-OlderVersion
2014-05-24 16:30 - 2014-05-24 16:29 - 02066432 _____ (Farbar) C:\Users\hanla_000\Desktop\FRST64.exe
2014-05-24 15:31 - 2014-05-17 13:56 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-24 12:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-23 22:56 - 2013-12-02 20:23 - 00000000 ____D () C:\Users\hanla_000
2014-05-23 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-23 17:40 - 2014-05-23 17:40 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2014-05-23 16:06 - 2013-11-24 20:13 - 00000000 ____D () C:\WINDOWS\pss
2014-05-23 15:56 - 2012-12-28 17:56 - 00000000 ___RD () C:\Users\hanla_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart
2014-05-23 15:47 - 2013-09-30 06:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-23 15:47 - 2012-12-29 20:17 - 00000000 ____D () C:\ProgramData\pdf995
2014-05-23 15:47 - 2012-12-28 21:24 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Winamp
2014-05-23 15:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-05-23 15:00 - 2014-05-23 14:54 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 14:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-23 14:18 - 2012-12-28 18:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-719912548-1546492267-3311168217-1001
2014-05-21 23:11 - 2014-01-09 23:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-05-21 19:26 - 2012-12-28 22:21 - 00003039 _____ () C:\WINDOWS\MB.idx
2014-05-21 16:28 - 2012-12-30 15:13 - 00000000 ____D () C:\ProgramData\Origin
2014-05-21 16:27 - 2013-09-26 18:19 - 00000000 ____D () C:\Users\hanla_000\Desktop\ebay
2014-05-19 18:04 - 2014-05-18 12:46 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 20:35 - 2012-12-30 02:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Apple Computer
2014-05-18 16:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-18 13:24 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 13:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-18 12:21 - 2014-05-09 18:00 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-18 12:21 - 2014-03-01 12:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-18 12:21 - 2013-12-23 19:05 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-18 12:21 - 2013-08-21 20:23 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-05-18 12:21 - 2013-05-24 12:57 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-05-18 12:21 - 2013-04-05 17:30 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-18 12:21 - 2012-12-30 01:41 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-05-18 12:21 - 2012-12-29 20:36 - 00000000 ____D () C:\Program Files (x86)\Movies2iPhone
2014-05-18 12:21 - 2012-12-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 12:20 - 2014-05-17 18:31 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-18 12:20 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-18 12:20 - 2013-12-02 20:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 12:20 - 2013-09-30 06:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-05-18 12:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2014-05-18 12:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-05-18 12:20 - 2013-04-20 22:23 - 00000000 ____D () C:\Program Files\Recuva
2014-05-18 12:20 - 2013-01-02 00:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-05-18 12:20 - 2012-12-30 20:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-18 12:20 - 2012-12-30 02:15 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-05-18 12:20 - 2012-12-29 20:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Wise Registry Cleaner
2014-05-18 12:20 - 2012-12-29 19:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 12:20 - 2012-12-28 22:13 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ASUS
2014-05-18 12:20 - 2012-12-28 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia
2014-05-18 12:20 - 2012-12-28 21:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-18 12:20 - 2012-12-28 18:24 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-18 12:14 - 2013-08-22 16:44 - 00496880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-18 12:12 - 2014-05-18 12:12 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-17 18:31 - 2014-05-17 18:31 - 00001027 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crewlog.lnk
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 18:28 - 2014-05-17 18:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-17 18:21 - 2012-12-28 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anwendungen
2014-05-17 13:56 - 2012-12-30 02:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Apple Computer
2014-05-17 13:46 - 2014-05-17 13:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 13:46 - 2012-12-30 02:27 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 22:36 - 2012-12-28 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware
2014-05-16 18:42 - 2014-05-16 18:00 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 20:04 - 2014-05-15 20:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 20:04 - 2014-01-09 19:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 20:04 - 2014-01-09 19:45 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 20:04 - 2013-07-31 18:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 20:04 - 2013-07-31 18:43 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 17:03 - 2013-01-01 19:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 17:02 - 2013-07-19 14:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 17:01 - 2012-12-28 18:13 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 23:41 - 2014-01-16 17:19 - 00002457 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 20:13 - 2013-04-27 11:02 - 00003772 ____N () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-05-24 17:31 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 17:31 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 17:31 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-09 18:01 - 2014-03-03 21:46 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\mkvtoolnix
2014-05-07 17:12 - 2014-05-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2014-05-07 17:12 - 2012-12-28 20:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 16:47 - 2014-05-07 16:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 16:39 - 2014-05-07 16:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-06 06:40 - 2014-05-14 16:43 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 16:43 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 16:43 - 00084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 16:43 - 00069632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-02 17:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:23 - 2014-05-02 11:23 - 02724864 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 16:26 - 2012-12-28 19:26 - 00000145 _____ () C:\Users\hanla_000\Desktop\Passes.txt
2014-04-26 22:32 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 17:40 - 2014-04-25 17:40 - 00000000 _____ () C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 17:13 - 2014-04-25 17:13 - 00003826 ____N () C:\WINDOWS\System32\Tasks\Security Center Update - 4185919329
2014-04-25 17:13 - 2014-04-25 17:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 15:36 - 2013-12-02 20:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-25 15:36 - 2013-12-02 20:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-25 15:29 - 2014-04-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 15:09 - 2013-01-16 12:45 - 04700560 _____ () C:\WINDOWS\PE_File.dll
2014-04-25 14:50 - 2012-12-28 21:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-25 14:49 - 2014-04-25 14:49 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2014-04-25 14:46 - 2012-12-28 21:46 - 00000000 ____D () C:\ProgramData\Intel
2014-04-25 14:46 - 2012-12-28 21:46 - 00000000 ____D () C:\Program Files\Intel
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\hanla_000\Intel
2014-04-24 14:47 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Ajdvworks

Some content of TEMP:
====================
C:\Users\hanla_000\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-18 12:13] - [2014-03-28 17:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-18 12:13] - [2014-03-06 14:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-05-24 12:31

==================== End Of Log ============================
         

Old 24.05.2014, 17:42   #9
M-K-D-B
/// TB Trainer

edit...
__________________
Greetings from Bavaria
M-K-D-B


Old 24.05.2014, 17:42   #10
gesmo



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2014 1
Ran by Hanling at 2014-05-24 17:39:37
Running from C:\Users\hanla_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Disabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Disabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

ACDSee Pro 7 (64-bit) (HKLM\...\{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}) (Version: 7.0.138 - ACD Systems International Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assassins Creed IV Black Flag Digital Deluxe Edition MULTI-5 1.01 (HKLM-x32\...\Assassins Creed IV Black Flag Digital Deluxe Edition MULTI-5 1.01) (Version:  - )
Assassins Creed IV Black Flag Update v1.04 Plus Schrei nach Freiheit DLC MULTI-5 1.04 (HKLM-x32\...\Assassins Creed IV Black Flag Update v1.04 Plus Schrei nach Freiheit DLC MULTI-5 1.04) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.15.0.682 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Crewlog Version 4.3.0 (HKLM-x32\...\{C5ECC549-07F0-4584-9A5C-4B23BC73CAC4}_is1) (Version:  - Mikelsoft.com)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DDBAC (HKLM-x32\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.6.13644 - Blizzard Entertainment)
die Ablage für Ihre Dienstpläne (HKLM-x32\...\Dienstplanablage_is1) (Version:  - Mikelsoft.com)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HP ENVY 110 series - Grundlegende Software für das Gerät (HKLM\...\{8CA09F9B-A122-4F50-9A6F-7909106019F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 110 series Hilfe (HKLM-x32\...\{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Just Flight - 757 Jetliner Freemium (HKLM-x32\...\{B0F7B3B5-E856-4558-BD7C-BDA32943C783}) (Version: 1.00.000 - Just Flight)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
MagicRotation Auto (HKLM-x32\...\{31DBA23B-55DA-48F5-B5B4-A031B722F648}) (Version: 4.14 - Samsung Electronics Co., Ltd.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metro Last Light (HKLM-x32\...\Metro Last Light_is1) (Version: 2.0.0.0 - )
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
MKVToolNix 6.9.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
Movies2iPhone 2.18 for Windows (HKLM-x32\...\Movies2iPhone) (Version: 2.18 for Windows - OKprods Ltd)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Burning ROM (x32 Version: 12.0.28001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (HKLM-x32\...\{C0CA68BF-2963-4139-8207-1E83038F86F8}) (Version: 12.0.00800 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18900 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller-Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.50 (Version: 337.50 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
PDF Editor 2 (HKLM-x32\...\PDF Editor 2) (Version:  - )
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
PhoneClean 3.3.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.3.0 - iMobie Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.72.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Kone[+] Mouse Driver (HKLM-x32\...\{B99CB207-4704-4C51-9309-0FA90AA26DD4}) (Version:  - Roccat GmbH)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadowrun Returns (HKLM-x32\...\Shadowrun Returns_is1) (Version:  - Harebrained Holdings)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.41 - Stardock Software, Inc.)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{6C9BC997-B9E5-482B-99EC-F02C8FDD91A8}) (Version: 9.0 - Star Finanz GmbH)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VEGA Fokker 100 Workstation (HKLM-x32\...\VEGA Fokker 100 Workstation) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{9A265E7E-5602-44DB-8B4D-A25C58D02489}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{0CADB637-714E-4F47-83C7-F11FEFC930D6}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Restore Points  =========================

21-05-2014 15:24:39 Geplanter Prüfpunkt
23-05-2014 13:39:38 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AB80C7F-2822-4143-BAED-5BA12D1FEACC} - System32\Tasks\Western Digital\SmartWare\____Volume_82b9e55c_a800_4439_8808_6092b802c9c7______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CE970F7-55E1-4406-B1A5-8DE3C4ACA02C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {10A29629-EEA6-474B-8F01-FB98CF20DF80} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {477B9808-2E2A-4049-9681-7152A6182945} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A48F181-FE5D-4A64-8D6C-41C79CDA7EC5} - System32\Tasks\Western Digital\SmartWare\____Volume_6faabf9c_dac2_4787_a568_19cb6f816751______Volume_37fc0d47_f956_11e2_bfc7_000c55ff7c4a__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {52FE369D-89BD-4431-BF2E-873D17BCE39A} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {5F16F6DC-920F-4341-97E1-B326173BE101} - System32\Tasks\Security Center Update - 4185919329 => C:\Users\hanla_000\AppData\Roaming\Kuqybobi\yndymyu.exe <==== ATTENTION
Task: {61A43431-B88D-4177-A528-D6F691A8CB17} - System32\Tasks\Western Digital\SmartWare\____Volume_82b9e55c_a800_4439_8808_6092b802c9c7______Volume_37fc0d47_f956_11e2_bfc7_000c55ff7c4a__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {64C3E37E-B2BA-424E-B4BD-68D5514D05CC} - System32\Tasks\Western Digital\SmartWare\____Volume_99bbf52b_63df_428e_bdc1_214927ffcfa0______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75DF9584-8173-466F-8819-8AE63685DE04} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2013-01-28] ()
Task: {77242134-C1D8-4143-A7F8-536B7CDDB650} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8082747B-2C2A-4C96-81FC-227F61927D81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8302BD30-6BAA-40B9-8641-2CA0C296945E} - System32\Tasks\Western Digital\SmartWare\____Volume_f3f70d0d_9bf9_48fd_a6e5_2ae0ac805a3c______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87CD3EC9-41A4-4D56-8246-59C33370432B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E1ABC29-11EA-43DD-A775-B5FEA70F4DA1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9089F83C-6C01-49ED-A829-4CAC472D57CD} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A285E6E1-A43F-4FE5-B8F3-8DB98E1D1F6F} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender)
Task: {A86A7A10-D8B1-4A9D-92B4-3095CA6384CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A8AC44C7-06F2-4CAC-B4ED-C464D97B9C84} - System32\Tasks\Western Digital\SmartWare\____Volume_18bfbc07_16f0_492e_a045_94e654284a0e______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {B560C040-AFA6-4B41-A183-196EF5873D04} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {B94F3A4D-AB97-4FD7-84CB-6DC6F0ABB719} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {BB2D35A0-EC15-41F9-A0F6-80223C659C7D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C5E3CF1E-CFB0-482F-8873-CE842A54081A} - System32\Tasks\Western Digital\SmartWare\____Volume_6faabf9c_dac2_4787_a568_19cb6f816751______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E686F081-B5E2-4B21-8481-EA0D7D889928} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA80EDE2-3138-4C0D-83C7-768B8EEF2677} - System32\Tasks\Western Digital\SmartWare\____Volume_dfbc422e_5105_11e2_be65_806e6f6e6963______Volume_98fec993_7954_11e3_80b2_806e6f6e6963__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-05-09] (Western Digital Technologies, Inc.)
Task: {EBB9B7C9-5651-4552-91EC-11323D6327BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F00E1406-BD2E-4626-B847-CB7D81D1A571} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {F1E1EB65-7882-47E4-A305-17AA11073BC7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {FE4052B4-80D3-4F4D-96EB-AF69872C940D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 12:21 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-08-14 12:21 - 2013-08-05 19:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-08-14 12:21 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-08-14 12:21 - 2013-08-05 19:08 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2013-12-02 20:01 - 2014-03-27 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-29 20:17 - 2013-01-07 11:13 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll
2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 ____N () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-04-25 15:42 - 2013-01-14 16:37 - 01406776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-30 20:13 - 2013-12-21 21:18 - 00076888 ____N () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-12-28 22:13 - 2012-06-01 18:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2014-04-25 15:42 - 2013-01-14 17:16 - 05771136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-04-25 15:42 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-06 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-06 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-05 23:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2012-12-28 22:13 - 2014-05-24 17:37 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-12-28 22:13 - 2010-06-29 11:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2012-12-28 22:15 - 2012-05-17 19:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-12-28 22:15 - 2012-07-05 13:05 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-08-14 12:21 - 2014-03-31 16:13 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-12-28 22:13 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-12-28 22:13 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-12-28 22:13 - 2011-09-26 20:36 - 00869376 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2012-12-28 22:13 - 2012-10-08 17:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-04-25 15:42 - 2013-01-15 15:30 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2012-12-28 22:14 - 2012-06-19 13:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-12-28 22:14 - 2012-07-25 10:56 - 01124864 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2012-12-28 22:14 - 2012-07-20 10:39 - 01047040 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-12-28 22:13 - 2013-04-15 14:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-12-28 22:13 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-12-28 22:13 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-12-28 22:13 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-12-28 22:13 - 2012-08-29 18:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-12-28 22:13 - 2010-08-23 11:17 - 00662016 ____N () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2012-12-28 22:13 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-12-28 22:15 - 2012-01-19 10:39 - 00028672 ____N () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2013-08-21 20:23 - 2013-11-28 13:14 - 00013824 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00098816 _____ () C:\Program Files (x86)\Samsung SSD Magician\PAL.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00034304 _____ () C:\Program Files (x86)\Samsung SSD Magician\SATA.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00032768 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAT.dll
2013-12-09 17:46 - 2013-11-28 20:00 - 00031232 _____ () C:\Program Files (x86)\Samsung SSD Magician\SMINI.dll
2013-12-09 17:46 - 2013-11-28 19:59 - 00029696 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAS.dll
2013-11-27 18:41 - 2010-06-22 14:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
2012-12-28 22:13 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\hanla_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\hanla_000\Desktop\TonidoLiteSetup.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer9 => 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2014 05:38:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 05:38:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/24/2014 05:38:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5

Error: (05/24/2014 05:38:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Hanling-PC)
Description: 12199Asparion.AsparionClock_f89vgcf3qm37t5


CodeIntegrity Errors:
===================================
  Date: 2013-02-01 09:30:16.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 23:33:35.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 22:28:54.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 22:20:10.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 21:24:21.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:43:51.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:26:13.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-31 19:19:45.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-30 23:56:40.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-30 23:48:03.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_006\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 16329.48 MB
Available physical RAM: 14440.88 MB
Total Pagefile: 18761.48 MB
Available Pagefile: 16692.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:237.91 GB) (Free:38.02 GB) NTFS
Drive d: (Dateien) (Fixed) (Total:1024 GB) (Free:103.42 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:400 GB) (Free:58.02 GB) NTFS
Drive f: (Dateien (1,33TB)) (Fixed) (Total:1370.39 GB) (Free:85.7 GB) NTFS
Drive g: (Dateien (1,81TB)) (Fixed) (Total:1863.01 GB) (Free:20.87 GB) NTFS
Drive h: (Dateien (2,72TB)) (Fixed) (Total:2794.39 GB) (Free:109.81 GB) NTFS
Drive k: (8GB STICK) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
Drive p: (My Book 4TB) (Fixed) (Total:3725.99 GB) (Free:1100.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 0B36A66C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD1BFA18)
Partition 2: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 4820A7E8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: B08D6C99)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 7 GB) (Disk ID: 67ADC4EE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.

==================== End Of Log ============================
         

24.05.2014, 17:45   #11
M-K-D-B
/// TB-Ausbilder



We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we'll remove all the tools we used, and I'll give you a few tips to take with you.




Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
Task: {75DF9584-8173-466F-8819-8AE63685DE04} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2013-01-28] ()
C:\WINDOWS\AutoKMS.exe
Reboot:
end
         

Save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset







Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the log file from FRST,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B
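
The FRST log in this thread marks one scheduled task with `<==== ATTENTION`, and the fixlist in step 1 removes the AutoKMS task. The following Python example is added here (it is not part of the thread and not FRST's own logic): it parses FRST `Task:` lines and applies three assumed triage heuristics, using task lines copied from the log on this page. The function names and reason labels are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Task lines copied from the FRST Addition log on this page.
SAMPLE_LOG = r"""
Task: {0CE970F7-55E1-4406-B1A5-8DE3C4ACA02C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {10A29629-EEA6-474B-8F01-FB98CF20DF80} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {5F16F6DC-920F-4341-97E1-B326173BE101} - System32\Tasks\Security Center Update - 4185919329 => C:\Users\hanla_000\AppData\Roaming\Kuqybobi\yndymyu.exe <==== ATTENTION
Task: {75DF9584-8173-466F-8819-8AE63685DE04} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2013-01-28] ()
Task: {BB2D35A0-EC15-41F9-A0F6-80223C659C7D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# "Task: [{GUID} - ]<task name>[ => <target>]"
LINE_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?)(?: => (?P<target>.+))?$"
)
# "<command>[ [YYYY-MM-DD] (<company>)]"; the tail is absent when FRST
# printed no file metadata for the target.
TARGET_RE = re.compile(
    r"^(?P<cmd>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)
# Assumed heuristics (not FRST's): locations a standard user can write to,
# and executables placed directly in the Windows directory.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.I)
WINDOWS_ROOT_EXE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.I)


@dataclass
class TaskEntry:
    name: str
    guid: Optional[str] = None
    command: Optional[str] = None
    file_date: Optional[str] = None
    company: Optional[str] = None   # "" = metadata read, publisher empty
    attention: bool = False         # FRST's own "<==== ATTENTION" marker
    reasons: list = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = TaskEntry(name=m["name"], guid=m["guid"])
    target = m["target"]
    if target:
        target, marker, _ = target.partition(" <====")
        entry.attention = bool(marker)
        t = TARGET_RE.match(target.strip())
        if t:
            entry.command = t["cmd"]
            entry.file_date = t["date"]
            entry.company = t["company"]
    return entry


def assess(entry: TaskEntry) -> list:
    """Return the list of reasons this task deserves a manual look."""
    reasons = []
    cmd = entry.command or ""
    if entry.attention:
        reasons.append("frst_attention")
    if USER_WRITABLE.search(cmd):
        reasons.append("user_writable_path")
    if entry.company == "":
        # Noisy on its own: legitimate vendor tools also ship without it.
        reasons.append("no_publisher")
        if WINDOWS_ROOT_EXE.match(cmd):
            reasons.append("no_publisher_exe_in_windows_root")
    return reasons


def triage(log_text: str) -> list:
    """Parse all Task lines and return flagged entries, most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    # sorted() is stable, so ties keep their order from the log.
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{', '.join(e.reasons):55} {e.name} => {e.command}")
```

A flagged entry is a prompt for manual review, not a verdict: the ASUS updater in the same log also has an empty publisher field and is flagged only with the weakest reason.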


24.05.2014, 23:51   #12
gesmo



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014 1
Ran by Hanling at 2014-05-24 17:58:54 Run:2
Running from C:\Users\hanla_000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {75DF9584-8173-466F-8819-8AE63685DE04} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2013-01-28] ()
C:\WINDOWS\AutoKMS.exe
Reboot:
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{75DF9584-8173-466F-8819-8AE63685DE04} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75DF9584-8173-466F-8819-8AE63685DE04} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
C:\WINDOWS\AutoKMS.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2db631e97afc434eba190b1daac63bdc
# engine=18396
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-24 09:25:57
# local_time=2014-05-24 11:25:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 789976 48574887 0 0
# scanned=889128
# found=48
# cleaned=0
# scan_time=19307
sh=B05759F2D92CBA2CCB79ECF479D692883860BE85 ft=1 fh=2159802774d33b23 vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\h31gro.cpp"
sh=0F4E1019651005AEC7B0CAF78AFEC60BA1456024 ft=1 fh=365a1d7938cbe81a vn="Win64/Reveton.A Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\org13h.dot"
sh=624B745C3A58D9AE4A9958B35BA80CE4E2B5A02E ft=1 fh=c71c001181a94371 vn="Variante von Win32/CoinMiner.QZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\mdi064.dll.xBAD"
sh=624B745C3A58D9AE4A9958B35BA80CE4E2B5A02E ft=1 fh=c71c001181a94371 vn="Variante von Win32/CoinMiner.QZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\mdi164.dll.xBAD"
sh=624B745C3A58D9AE4A9958B35BA80CE4E2B5A02E ft=1 fh=c71c001181a94371 vn="Variante von Win32/CoinMiner.QZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\mdi264.dll.xBAD"
sh=624B745C3A58D9AE4A9958B35BA80CE4E2B5A02E ft=1 fh=c71c001181a94371 vn="Variante von Win32/CoinMiner.QZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\mdi364.dll.xBAD"
sh=624B745C3A58D9AE4A9958B35BA80CE4E2B5A02E ft=1 fh=c71c001181a94371 vn="Variante von Win32/CoinMiner.QZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\mdi464.dll.xBAD"
sh=B05759F2D92CBA2CCB79ECF479D692883860BE85 ft=1 fh=2159802774d33b23 vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\hanla_000\AppData\Local\Temp\~+JF1360084289308265088.dll.xBAD"
sh=D22AD54C481852029D0FDD27268500EE1568159A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OZE Trojaner" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\23087490-7e9e9bb8"
sh=3984B1806C510EE88CA4E4F362C07772E3AFD33A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\677a8e53-68b72790"
sh=F6DAB24473F8F46FEB2ADB116BFC66C9F3D8FF26 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72859c1c-3244cd72"
sh=BB61A3022F892EF3FA7DE50808B955D02F05445B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10c6acde-77381b82"
sh=798CDDBDA37ED8AE9B7DCB2EC474592F6857F845 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5b512621-703deda8"
sh=BD32E544E2E9C905F4D19CE7077970FA58711F64 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PAF Trojaner" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2f9f2e64-72c32055"
sh=39A71630EFEBC90A719997B51B8C223938148FDB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1170daa9-27d95a65"
sh=FE746F4EA50ABB6D049182919443ABD02C8F5B51 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\76e369aa-35790ca0"
sh=798CDDBDA37ED8AE9B7DCB2EC474592F6857F845 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\43f710ee-17b1b0c3"
sh=F1A150ACD7C6F486266585BD63F6E9B633985CCB ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLG Trojaner" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6efc7faf-339c8f2d"
sh=FA4E25F05D0A4760F64279B94A8734C19872FBE0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\44fc3a34-1d776905"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\4ecbe3f5-2badc2a1"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\68d79a7e-3b39a4a2"
sh=45C7FD4D1DC31DC41DE985544F9345EDA0D9A5D4 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NLZ Trojaner" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\791e4c3f-5982184a"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4b9a0607-540d7102"
sh=8FCB2972865ABABA6F36BC2D06B11E7C9230B971 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLR Trojaner" ac=I fn="C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1e1ea988-1f6361a3"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\[Progs]\DTLite4471-0333.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="E:\[Image]\Batman Arkham City - Game of the Year Edition\sr-bacgoty.iso"
sh=BC9E4B46ECB504B4C5C97701F77019BE8D6F31E4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="E:\[Image]\[Spiele]\Metro - Last Light\upmet202.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.18bfbc07.16f0.492e.a045.94e654284a0e\[Image]\Batman Arkham City - Game of the Year Edition\sr-bacgoty.iso"
sh=BC9E4B46ECB504B4C5C97701F77019BE8D6F31E4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.18bfbc07.16f0.492e.a045.94e654284a0e\[Image]\[Spiele]\Metro - Last Light\upmet202.rar"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.6faabf9c.dac2.4787.a568.19cb6f816751\[Progs]\DTLite4471-0333.exe"
sh=D22AD54C481852029D0FDD27268500EE1568159A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OZE Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\23087490-7e9e9bb8"
sh=8BEBFDFEE5F6854CD55117FABF7D698D80BAC0C3 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.RCM Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b1886d2-729a544e"
sh=3984B1806C510EE88CA4E4F362C07772E3AFD33A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\677a8e53-68b72790"
sh=F6DAB24473F8F46FEB2ADB116BFC66C9F3D8FF26 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72859c1c-3244cd72"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\5c3e3883-115157a3"
sh=BB61A3022F892EF3FA7DE50808B955D02F05445B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10c6acde-77381b82"
sh=798CDDBDA37ED8AE9B7DCB2EC474592F6857F845 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5b512621-703deda8"
sh=BD32E544E2E9C905F4D19CE7077970FA58711F64 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PAF Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2f9f2e64-72c32055"
sh=39A71630EFEBC90A719997B51B8C223938148FDB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1170daa9-27d95a65"
sh=FE746F4EA50ABB6D049182919443ABD02C8F5B51 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\76e369aa-35790ca0"
sh=798CDDBDA37ED8AE9B7DCB2EC474592F6857F845 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\43f710ee-17b1b0c3"
sh=F1A150ACD7C6F486266585BD63F6E9B633985CCB ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLG Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6efc7faf-339c8f2d"
sh=58AC61DF1B7D1D3EF4D3A53016435DA0DFFC6084 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.REL Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7eeb25f0-2af47855"
sh=FA4E25F05D0A4760F64279B94A8734C19872FBE0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\44fc3a34-1d776905"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\68d79a7e-3b39a4a2"
sh=45C7FD4D1DC31DC41DE985544F9345EDA0D9A5D4 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NLZ Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\791e4c3f-5982184a"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4b9a0607-540d7102"
sh=8FCB2972865ABABA6F36BC2D06B11E7C9230B971 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLR Trojaner" ac=I fn="P:\WD SmartWare.swstor\HANLING-PC\Volume.82b9e55c.a800.4439.8808.6092b802c9c7\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1e1ea988-1f6361a3"
         


Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus   
Windows Defender        
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 TuneUp Utilities Language Pack (de-DE) 
 Wise Registry Cleaner 8.12  
 Java(TM) 6 Update 25  
 Java version out of Date! 
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe 
 StarMoney 9.0 ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

25.05.2014, 14:02   #13
M-K-D-B
/// TB trainer
 



Removing leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
ATTFilter
start
C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
D:\[Progs]\DTLite4471-0333.exe
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

If you have no more problems, then we are finished here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.




Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall the outdated software and then install the latest version.
Follow the path Start > Control Panel > Software / Uninstall a program.
Uninstall the following programs from your computer:
  • Java(TM) 6 Update 25
Restart your computer after the uninstallation.
Now please download and install:
Restart your computer after the installation.





Step 2
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.







Step 3
Finally, I have a few tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is indicated and you can download the latest version directly from the vendor's site to your desktop.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is an English link:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board
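
How a detection log in the field layout posted earlier in this thread (sh, ft, fh, vn, ac, fn) collapses into a few cleanup locations of the kind listed in the fixlist above, and which file hashes appear on more than one drive. This is an added example, not part of the original posts or of any tool named here; the sample lines, hashes, detection names and paths are constructed, and the helper names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Field layout taken from the log lines in this thread:
# sh=<SHA-1> ft=<..> fh=<..> vn="<detection name>" ac=<action> fn="<path>"
LINE_RE = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"'
)
NO_HASH = "0" * 40  # some entries carry an all-zero sh value; it identifies nothing
CACHE_MARKER = ("java", "deployment", "cache")

def _line(sh, vn, fn, ft="0"):
    """Build one constructed log line in the layout above."""
    return f'sh={sh} ft={ft} fh=0000000000000000 vn="{vn}" ac=I fn="{fn}"'

# Constructed sample input: every hash, name and path below is made up.
CACHE = r"Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0"
BACKUP = r"P:\Backup.swstor\EXAMPLE-PC\Volume.0000"
SAMPLE_LOG = "\n".join([
    "# constructed sample, not output of a real scan",
    _line("A" * 40, "Example/Detection.A", "C:\\" + CACHE + r"\28\aaaa1111-bbbb2222"),
    _line("B" * 40, "Example/Detection.B", "C:\\" + CACHE + r"\30\cccc3333-dddd4444"),
    _line("C" * 40, "Example/Unwanted.C", r"D:\[Progs]\setup-example.exe"),
    _line(NO_HASH, "Example/Packed.D", r"E:\[Image]\example.iso", ft="-"),
    _line("A" * 40, "Example/Detection.A", BACKUP + "\\" + CACHE + r"\28\aaaa1111-bbbb2222"),
    _line(NO_HASH, "Example/Packed.D", BACKUP + r"\[Image]\example.iso", ft="-"),
])

def parse_log(text):
    """Return one dict per detection line; anything else is skipped."""
    matches = (LINE_RE.fullmatch(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def cleanup_target(fn):
    """Collapse files inside a Java deployment cache to the cache version folder."""
    parts = PureWindowsPath(fn).parts
    lowered = [p.lower() for p in parts]
    for i in range(len(parts) - 3):
        if tuple(lowered[i:i + 3]) == CACHE_MARKER:
            return str(PureWindowsPath(*parts[:i + 4]))
    return fn  # a single file outside any cache stays its own target

def summarize(records):
    """Count detections per cleanup target and list hashes seen on several drives."""
    targets = Counter(cleanup_target(r["fn"]) for r in records)
    drives = defaultdict(set)
    for r in records:
        if r["sh"] != NO_HASH:  # all-zero entries must not be merged by hash
            drives[r["sh"].upper()].add(PureWindowsPath(r["fn"]).drive.upper())
    multi_drive = {h: sorted(d) for h, d in drives.items() if len(d) > 1}
    return targets, multi_drive

if __name__ == "__main__":
    targets, multi_drive = summarize(parse_log(SAMPLE_LOG))
    for path, count in sorted(targets.items()):
        print(f"{count:3d}  {path}")
    for sha1, where in multi_drive.items():
        print(f"same file on {', '.join(where)}: {sha1}")
```

Entries with an all-zero `sh` value are kept as separate targets but excluded from the by-hash comparison, since grouping on that value would treat unrelated files as copies of each other.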

25.05.2014, 14:27   #14
gesmo
 



Thank you very much for your help!

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 01
Ran by Hanling at 2014-05-25 14:13:26 Run:3
Running from C:\Users\hanla_000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
D:\[Progs]\DTLite4471-0333.exe
Reboot:
end
         
*****************

C:\Users\hanla_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
D:\[Progs]\DTLite4471-0333.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

What I still find strange is that, ever since I caught the Trojan, I no longer have a Startup tab in Task Manager for enabling or disabling the startup items. In CCleaner the corresponding programs are still shown to me as starting normally, but I now lack the ability to control this in Task Manager.
When you go to the Startup tab in msconfig, you are actually supposed to be redirected to the Startup tab of Task Manager, but it is empty, or rather only Autostart is shown to me.
Only Autostart is left, and I cannot remember whether it was always there, since I always controlled autostart through the Start menu.

I have read that Trojans delete or change certain things in the registry so that you no longer have access to them?

25.05.2014, 20:19   #15
M-K-D-B
/// TB trainer
 



Quote:
Quote from gesmo
What I still find strange is that, ever since I caught the Trojan, I no longer have a Startup tab in Task Manager for enabling or disabling the startup items. In CCleaner the corresponding programs are still shown to me as starting normally, but I now lack the ability to control this in Task Manager.
When you go to the Startup tab in msconfig, you are actually supposed to be redirected to the Startup tab of Task Manager, but it is empty, or rather only Autostart is shown to me.
Only Autostart is left, and I cannot remember whether it was always there, since I always controlled autostart through the Start menu.

I have read that Trojans delete or change certain things in the registry so that you no longer have access to them?
Hmm, strange... yes.

Quite possible that something got bent out of shape there. Unfortunately nothing comes to mind offhand, sorry.





I am glad that we were able to help

In this forum you can leave brief feedback on the cleanup, if you like:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new topic) button and post a little feedback. Thank you very much!

This topic appears to be resolved and will be removed from my subscriptions. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Greetings from Bavaria
M-K-D-B
