
Log analysis and evaluation: Avira Free Antivirus cannot be completely uninstalled


 
30.06.2014, 18:01   #1
Knaeckebrot
 
Avira Free Antivirus cannot be completely uninstalled



Hello,

I had already turned to you in another thread because, as it seems, Avira is blocking the download from a game server. Keckrem had given me the (obvious) tip to simply uninstall Avira. I tried that as well (everything was gone except for 3 files), but each time with the result that on the next start of the PC, Windows no longer started, not even in safe mode or from DVD. Only a System Restore (to a point before the Avira uninstallation) made the PC usable again. I also cannot delete the files by hand via the cmd window.

Could you please take a look at the scans to see whether anything strange stands out to you?

Thanks!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:42 on 30/06/2014 (L****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Linus (administrator) on PC-PC on 30-06-2014 17:44:43
Running from C:\Users\Linus\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SecureAssist) C:\Program Files\suprasavings\SecureAssist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe
(IGN Entertainment Inc.) C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
(Akamai Technologies, Inc.) C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(GamersFirst) C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1919000 2013-04-26] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-14] ()
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [36864 2007-06-29] (IGN Entertainment Inc.)
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Run: [PriceMeterW] => "C:\Users\Linus\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\MountPoints2: {b44eaf78-6a2d-11e2-9119-6cf049034983} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-777828185-3614882756-786469040-1001\...\MountPoints2: {b44eaf80-6a2d-11e2-9119-6cf049034983} - F:\setup_vmc_lite.exe /checkApplicationPresence
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Linus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-777828185-3614882756-786469040-1016\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x330B4C1E7441CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=mp3&utm_campaign=eXQ&utm_content=sc&from=mp3&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&ts=1383207691
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=473&v=a12349-267&apn_uid=5390367529024018&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=c3edba7e-ffad-1c98-9b5a-a806063c2943&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=473&v=a12349-267&apn_uid=5390367529024018&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=c3edba7e-ffad-1c98-9b5a-a806063c2943&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP700A9F52-091A-406E-A84F-9F287A2BF52E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397895443&from=tugs&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3461905019050&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=473&v=a12349-267&apn_uid=5390367529024018&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: Plus-HD-9.5 - {11111111-1111-1111-1111-110511311166} - C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-bho64.dll (Plus HD)
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll No File
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {11111111-1111-1111-1111-110511421146} -  No File
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: No Name - {336D0C35-8A85-403a-B9D2-65C292C39087} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 24 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 24 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Linus\AppData\Roaming\Mozilla\Firefox\Profiles\suaxppy0.default
FF Homepage: google.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @gametap.com/npdd,version=1.0 - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Linus\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Linus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Linus\AppData\Roaming\Mozilla\Firefox\Profiles\50w71vhg.default\extensions\quick_start@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-11] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82944 2012-02-17] (Freemake) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-24] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-04] ()
S4 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-19] (PriceMeter)
S4 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-19] (PriceMeter)
R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-03-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-04-24] (AnchorFree Inc.)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-03-27] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [13312 2008-03-27] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-03-23] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S3 wolf; C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [82472 2013-05-10] ()
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 17:44 - 2014-06-30 17:46 - 00029006 _____ () C:\Users\Linus\Desktop\FRST.txt
2014-06-30 17:44 - 2014-06-30 17:44 - 00000000 ____D () C:\FRST
2014-06-30 17:42 - 2014-06-30 17:46 - 00000472 _____ () C:\Users\Linus\Desktop\defogger_disable.log
2014-06-30 17:42 - 2014-06-30 17:42 - 00000000 _____ () C:\Users\Linus\defogger_reenable
2014-06-30 17:41 - 2014-06-30 17:41 - 00380416 _____ () C:\Users\Linus\Desktop\Gmer-19357.exe
2014-06-30 17:40 - 2014-06-30 17:40 - 02083328 _____ (Farbar) C:\Users\Linus\Desktop\FRST64.exe
2014-06-30 17:39 - 2014-06-30 17:39 - 00050477 _____ () C:\Users\Linus\Desktop\Defogger.exe
2014-06-29 18:50 - 2014-06-29 18:50 - 00001224 _____ () C:\Users\Linus\Desktop\Revo Uninstaller.lnk
2014-06-29 18:50 - 2014-06-29 18:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 22:04 - 2014-06-26 22:15 - 106224784 _____ (Flexera Software) C:\Users\Linus\Downloads\Install_ESO(1).exe
2014-06-24 14:15 - 2014-06-24 14:15 - 04220110 _____ () C:\Users\Linus\Downloads\The Forest V0.2 Trainer +6 MrAntiFun.zip
2014-06-24 13:41 - 2014-06-24 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-24 13:41 - 2014-06-24 13:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-22 20:09 - 2014-06-22 20:13 - 17844827 _____ () C:\Users\Linus\Desktop\JunkZs PAYDAY 2 HACK (UPDATED 2014-06-11).rar
2014-06-21 12:45 - 2014-06-21 12:45 - 00000000 ____D () C:\Users\Linus\Documents\Steam Cloud
2014-06-21 09:50 - 2014-06-21 09:50 - 00000000 ____D () C:\Users\Linus\Documents\RPGVXAce
2014-06-21 09:25 - 2014-06-21 09:25 - 00000222 _____ () C:\Users\Linus\Desktop\RPG Maker VX Ace.url
2014-06-19 19:31 - 2014-06-19 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 17:05 - 2014-06-18 17:05 - 00007220 _____ () C:\Users\Linus\Downloads\platform-randomiser-0.0.5.zip
2014-06-18 17:03 - 2014-06-18 17:03 - 00021436 _____ () C:\Users\Linus\Downloads\CheatMod-master(1).zip
2014-06-12 21:00 - 2014-06-13 18:04 - 00000098 _____ () C:\Users\Linus\AppData\Roaming\LauncherSettings_live.cfg
2014-06-12 19:38 - 2014-06-12 19:38 - 00000039 _____ () C:\Users\Linus\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\Documents\theHunter
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\theHunter
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\AppData\Local\theHunter
2014-06-12 19:36 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\theHunterSteam
2014-06-12 19:36 - 2014-06-12 19:36 - 00000000 ____D () C:\ProgramData\Hunter
2014-06-12 17:46 - 2014-06-12 17:46 - 00000222 _____ () C:\Users\Linus\Desktop\theHunter.url
2014-06-11 18:40 - 2014-06-11 18:40 - 04124632 _____ () C:\Users\Linus\Downloads\The Forest V0.1 Trainer +3 MrAntiFun.zip
2014-06-11 18:18 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:18 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:18 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:18 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:18 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:18 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:18 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:18 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:18 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:18 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:18 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:18 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:18 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:18 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 18:18 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:18 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:18 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:18 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 18:18 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:18 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:18 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:18 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 18:18 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:18 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 18:18 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 18:18 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 18:18 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:18 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 18:18 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 18:18 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 18:18 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:18 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 18:18 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 18:18 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:18 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:18 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 18:18 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 18:18 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 18:18 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 18:18 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 18:18 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 18:18 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:18 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 18:18 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 18:18 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 18:18 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:18 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 18:18 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:18 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 18:18 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 18:18 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 18:18 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 18:12 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 18:12 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 18:12 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 18:12 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 18:12 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 18:12 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 18:12 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 18:12 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 18:12 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 18:12 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 18:12 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 18:12 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 18:12 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 18:12 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 18:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 18:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 17:23 - 2014-06-11 17:23 - 00000222 _____ () C:\Users\Linus\Desktop\The Forest.url
2014-06-05 10:59 - 2014-06-05 10:59 - 00000222 _____ () C:\Users\Linus\Desktop\American Conquest.url
2014-06-04 14:57 - 2014-06-04 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-04 14:56 - 2014-06-04 14:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2014-06-30 17:46 - 2014-06-30 17:44 - 00029006 _____ () C:\Users\Linus\Desktop\FRST.txt
2014-06-30 17:46 - 2014-06-30 17:42 - 00000472 _____ () C:\Users\Linus\Desktop\defogger_disable.log
2014-06-30 17:46 - 2011-07-14 02:06 - 00000000 ____D () C:\Users\Linus\AppData\Local\PMB Files
2014-06-30 17:44 - 2014-06-30 17:44 - 00000000 ____D () C:\FRST
2014-06-30 17:42 - 2014-06-30 17:42 - 00000000 _____ () C:\Users\Linus\defogger_reenable
2014-06-30 17:42 - 2011-07-13 17:08 - 00000000 ____D () C:\Users\Linus
2014-06-30 17:42 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:42 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:41 - 2014-06-30 17:41 - 00380416 _____ () C:\Users\Linus\Desktop\Gmer-19357.exe
2014-06-30 17:40 - 2014-06-30 17:40 - 02083328 _____ (Farbar) C:\Users\Linus\Desktop\FRST64.exe
2014-06-30 17:39 - 2014-06-30 17:39 - 00050477 _____ () C:\Users\Linus\Desktop\Defogger.exe
2014-06-30 17:39 - 2011-07-13 16:40 - 01751636 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-30 17:35 - 2014-04-19 10:19 - 00001448 _____ () C:\Windows\Tasks\c74ae590-57b1-4a3a-95db-04969a405d7b-5.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00002178 _____ () C:\Windows\Tasks\c74ae590-57b1-4a3a-95db-04969a405d7b-4.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00001522 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00001448 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00001426 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00001382 _____ () C:\Windows\Tasks\c74ae590-57b1-4a3a-95db-04969a405d7b-1.job
2014-06-30 17:35 - 2014-04-19 10:18 - 00001372 _____ () C:\Windows\Tasks\c74ae590-57b1-4a3a-95db-04969a405d7b-2.job
2014-06-30 17:35 - 2014-04-19 10:17 - 00003126 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job
2014-06-30 17:35 - 2014-04-19 10:17 - 00002774 _____ () C:\Windows\Tasks\c74ae590-57b1-4a3a-95db-04969a405d7b-3.job
2014-06-30 17:35 - 2014-04-19 10:17 - 00002206 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job
2014-06-30 17:35 - 2014-04-19 10:17 - 00000960 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-06-30 17:35 - 2013-08-01 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-30 17:35 - 2013-01-29 19:35 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-30 17:35 - 2012-12-15 17:28 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 17:35 - 2012-06-09 23:49 - 00000000 ____D () C:\Users\Linus\AppData\Local\LogMeIn Hamachi
2014-06-30 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 17:35 - 2009-07-14 06:51 - 00254762 _____ () C:\Windows\setupact.log
2014-06-29 21:35 - 2012-12-15 17:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 21:22 - 2014-04-19 10:17 - 00000964 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-06-29 21:22 - 2013-11-02 19:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-29 21:22 - 2013-08-05 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-29 21:22 - 2013-08-05 20:17 - 00000000 ____D () C:\ProgramData\Avira
2014-06-29 21:22 - 2013-08-05 20:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-29 21:22 - 2012-02-23 15:30 - 00000000 ____D () C:\Users\Linus\AppData\Local\Akamai
2014-06-29 21:22 - 2011-07-20 04:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-29 21:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-29 21:03 - 2014-05-21 15:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 19:41 - 2011-07-13 23:20 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\IrfanView
2014-06-29 19:09 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-29 18:53 - 2009-07-14 19:58 - 08157254 _____ () C:\Windows\system32\perfh007.dat
2014-06-29 18:53 - 2009-07-14 19:58 - 02474878 _____ () C:\Windows\system32\perfc007.dat
2014-06-29 18:53 - 2009-07-14 07:13 - 00006466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 18:50 - 2014-06-29 18:50 - 00001224 _____ () C:\Users\Linus\Desktop\Revo Uninstaller.lnk
2014-06-29 18:50 - 2014-06-29 18:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 22:15 - 2014-06-26 22:04 - 106224784 _____ (Flexera Software) C:\Users\Linus\Downloads\Install_ESO(1).exe
2014-06-24 20:46 - 2011-11-17 20:07 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\TS3Client
2014-06-24 18:28 - 2011-07-13 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-24 18:27 - 2012-07-04 20:13 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\Skype
2014-06-24 18:20 - 2011-07-18 16:10 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-24 14:15 - 2014-06-24 14:15 - 04220110 _____ () C:\Users\Linus\Downloads\The Forest V0.2 Trainer +6 MrAntiFun.zip
2014-06-24 13:45 - 2013-08-05 20:18 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 13:41 - 2014-06-24 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-24 13:41 - 2014-06-24 13:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-23 17:53 - 2012-08-13 21:58 - 00000000 ____D () C:\Users\Linus\AppData\Local\ArmA 2 OA
2014-06-22 20:13 - 2014-06-22 20:09 - 17844827 _____ () C:\Users\Linus\Desktop\JunkZs PAYDAY 2 HACK (UPDATED 2014-06-11).rar
2014-06-21 23:59 - 2014-03-21 14:24 - 00000222 _____ () C:\Users\Linus\Desktop\PAYDAY 2.url
2014-06-21 18:24 - 2011-12-08 20:34 - 00021840 ____T () C:\Windows\SysWOW64\SIntfNT.dll
2014-06-21 18:24 - 2011-12-08 20:34 - 00017212 ____T () C:\Windows\SysWOW64\SIntf32.dll
2014-06-21 18:24 - 2011-12-08 20:34 - 00012067 ____T () C:\Windows\SysWOW64\SIntf16.dll
2014-06-21 12:45 - 2014-06-21 12:45 - 00000000 ____D () C:\Users\Linus\Documents\Steam Cloud
2014-06-21 09:50 - 2014-06-21 09:50 - 00000000 ____D () C:\Users\Linus\Documents\RPGVXAce
2014-06-21 09:25 - 2014-06-21 09:25 - 00000222 _____ () C:\Users\Linus\Desktop\RPG Maker VX Ace.url
2014-06-21 09:25 - 2011-08-24 12:26 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-20 14:12 - 2012-05-23 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 19:32 - 2014-06-19 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 17:46 - 2013-10-20 10:19 - 00000000 ____D () C:\Users\Linus\AppData\Local\Game Dev Tycoon - Steam
2014-06-18 17:05 - 2014-06-18 17:05 - 00007220 _____ () C:\Users\Linus\Downloads\platform-randomiser-0.0.5.zip
2014-06-18 17:03 - 2014-06-18 17:03 - 00021436 _____ () C:\Users\Linus\Downloads\CheatMod-master(1).zip
2014-06-17 14:28 - 2012-12-15 17:28 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 14:28 - 2012-12-15 17:28 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 20:43 - 2011-07-14 01:51 - 00000000 ____D () C:\Users\Linus\Documents\gothic3
2014-06-13 18:04 - 2014-06-12 21:00 - 00000098 _____ () C:\Users\Linus\AppData\Roaming\LauncherSettings_live.cfg
2014-06-13 06:55 - 2014-04-11 14:28 - 00000000 ____D () C:\Windows\rescache
2014-06-13 06:15 - 2014-01-11 13:00 - 00000222 _____ () C:\Users\Linus\Desktop\DayZ.url
2014-06-13 06:14 - 2014-05-10 19:15 - 00000220 _____ () C:\Users\Linus\Desktop\Sid Meier's Civilization V.url
2014-06-13 06:13 - 2014-03-15 09:38 - 00000222 _____ () C:\Users\Linus\Desktop\Neverwinter.url
2014-06-12 19:38 - 2014-06-12 19:38 - 00000039 _____ () C:\Users\Linus\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\Documents\theHunter
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\theHunter
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Linus\AppData\Local\theHunter
2014-06-12 19:36 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\theHunterSteam
2014-06-12 19:36 - 2014-06-12 19:36 - 00000000 ____D () C:\ProgramData\Hunter
2014-06-12 19:34 - 2014-03-31 18:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-12 19:34 - 2012-07-04 20:12 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 17:46 - 2014-06-12 17:46 - 00000222 _____ () C:\Users\Linus\Desktop\theHunter.url
2014-06-12 16:57 - 2013-10-20 10:14 - 00000222 _____ () C:\Users\Linus\Desktop\Game Dev Tycoon.url
2014-06-12 15:13 - 2014-05-21 15:11 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 15:13 - 2014-05-21 15:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 15:13 - 2014-05-21 15:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 14:55 - 2013-07-23 08:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 14:45 - 2011-07-13 18:24 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 14:45 - 2011-07-13 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 14:42 - 2014-05-03 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 18:40 - 2014-06-11 18:40 - 04124632 _____ () C:\Users\Linus\Downloads\The Forest V0.1 Trainer +3 MrAntiFun.zip
2014-06-11 17:25 - 2014-04-19 10:22 - 00000000 ____D () C:\Program Files\003
2014-06-11 17:23 - 2014-06-11 17:23 - 00000222 _____ () C:\Users\Linus\Desktop\The Forest.url
2014-06-08 11:13 - 2014-06-11 18:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 18:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 20:22 - 2013-08-25 11:38 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\.minecraft
2014-06-05 20:17 - 2013-10-20 13:38 - 00000000 ____D () C:\Users\Linus\AppData\Roaming\Craften Terminal
2014-06-05 10:59 - 2014-06-05 10:59 - 00000222 _____ () C:\Users\Linus\Desktop\American Conquest.url
2014-06-04 15:28 - 2013-08-05 20:18 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 14:57 - 2014-06-04 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-04 14:57 - 2013-03-06 16:58 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-04 14:56 - 2014-06-04 14:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan

Files to move or delete:
====================
C:\Users\Linus\AppData\Roaming\CamLayout.ini
C:\Users\Linus\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Linus\AppData\Local\Temp\7z920.exe
C:\Users\Linus\AppData\Local\Temp\AutoRun.exe
C:\Users\Linus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Linus\AppData\Local\Temp\avgnt.exe
C:\Users\Linus\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Linus\AppData\Local\Temp\CH.dll
C:\Users\Linus\AppData\Local\Temp\Copy.dll
C:\Users\Linus\AppData\Local\Temp\Delta.exe
C:\Users\Linus\AppData\Local\Temp\DeltaTB.exe
C:\Users\Linus\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Linus\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Linus\AppData\Local\Temp\drm_dyndata_7370010.dll
C:\Users\Linus\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Linus\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Linus\AppData\Local\Temp\f.exe
C:\Users\Linus\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Linus\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Linus\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Linus\AppData\Local\Temp\GothicVDFS.exe
C:\Users\Linus\AppData\Local\Temp\htmlayout.dll
C:\Users\Linus\AppData\Local\Temp\iiuninst.exe
C:\Users\Linus\AppData\Local\Temp\Installer.exe
C:\Users\Linus\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Linus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Linus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Linus\AppData\Local\Temp\libsndfile.dll
C:\Users\Linus\AppData\Local\Temp\MFC71.dll
C:\Users\Linus\AppData\Local\Temp\MFC71DEU.DLL
C:\Users\Linus\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Linus\AppData\Local\Temp\msvcr71.dll
C:\Users\Linus\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Linus\AppData\Local\Temp\nscA83B.exe
C:\Users\Linus\AppData\Local\Temp\nsdC239.exe
C:\Users\Linus\AppData\Local\Temp\nshA59B.exe
C:\Users\Linus\AppData\Local\Temp\nsm76CC.exe
C:\Users\Linus\AppData\Local\Temp\nsr795C.exe
C:\Users\Linus\AppData\Local\Temp\ose00000.exe
C:\Users\Linus\AppData\Local\Temp\ose00001.exe
C:\Users\Linus\AppData\Local\Temp\rad28223.tmp_update.exe
C:\Users\Linus\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Linus\AppData\Local\Temp\sdapskill.exe
C:\Users\Linus\AppData\Local\Temp\sdaspwn.exe
C:\Users\Linus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Linus\AppData\Local\Temp\sprachrohr.exe
C:\Users\Linus\AppData\Local\Temp\SPSetup.exe
C:\Users\Linus\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Linus\AppData\Local\Temp\tmp21D.exe
C:\Users\Linus\AppData\Local\Temp\tmp3093.exe
C:\Users\Linus\AppData\Local\Temp\tmp390E.exe
C:\Users\Linus\AppData\Local\Temp\tmp655E.tmp.exe
C:\Users\Linus\AppData\Local\Temp\tmpFA1E.exe
C:\Users\Linus\AppData\Local\Temp\u-nqcksm.dll
C:\Users\Linus\AppData\Local\Temp\ubi16A1.tmp.exe
C:\Users\Linus\AppData\Local\Temp\ubi5E9A.tmp.exe
C:\Users\Linus\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Linus\AppData\Local\Temp\WSSetup.exe
C:\Users\Linus\AppData\Local\Temp\_is2490.exe
C:\Users\Linus\AppData\Local\Temp\_is2903.exe
C:\Users\Linus\AppData\Local\Temp\_is2FA7.exe
C:\Users\Linus\AppData\Local\Temp\_is4E10.exe
C:\Users\Linus\AppData\Local\Temp\_is5179.exe
C:\Users\Linus\AppData\Local\Temp\_is72EF.exe
C:\Users\Linus\AppData\Local\Temp\_is7CC.exe
C:\Users\Linus\AppData\Local\Temp\_is82B7.exe
C:\Users\Linus\AppData\Local\Temp\_is8A73.exe
C:\Users\Linus\AppData\Local\Temp\_isADCD.exe
C:\Users\Linus\AppData\Local\Temp\_isB157.exe
C:\Users\Linus\AppData\Local\Temp\_isB53C.exe
C:\Users\Linus\AppData\Local\Temp\_isB94.exe
C:\Users\Linus\AppData\Local\Temp\_isC535.exe
C:\Users\Linus\AppData\Local\Temp\_isE34C.exe
C:\Users\Linus\AppData\Local\Temp\_isEDF8.exe
C:\Users\Linus\AppData\Local\Temp\_isFD80.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 13:56

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-30 18:39:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP6T0L0-8 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Linus\AppData\Local\Temp\pxldapoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\services.exe[500] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                       0000000077620880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\system32\svchost.exe[376] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                        0000000077620880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\ProgramData\IePluginService\PluginService.exe[1428] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                      0000000075fab2fe 5 bytes JMP 0000000100429100
.text    C:\ProgramData\IePluginService\PluginService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  0000000075bb1465 2 bytes [BB, 75]
.text    C:\ProgramData\IePluginService\PluginService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2316] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                          0000000075fab2fe 5 bytes JMP 0000000100b19100
.text    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2544] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes                                                                                 0000000075fab2fe 5 bytes JMP 0000000100ba9100
.text    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                             0000000075bb1465 2 bytes [BB, 75]
.text    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe[2708] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                               0000000075fab2fe 5 bytes JMP 0000000100689100
.text    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                      0000000075fab2fe 5 bytes JMP 0000000100bc9100
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                         0000000073961a22 2 bytes [96, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                         0000000073961ad0 2 bytes [96, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                         0000000073961b08 2 bytes [96, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                         0000000073961bba 2 bytes [96, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                         0000000073961bda 2 bytes [96, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                  0000000075bb1465 2 bytes [BB, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                 0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2612] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                  0000000077620880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3784] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                               0000000075fab2fe 5 bytes JMP 0000000102dd9100
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3784] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                                                                           0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3784] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                                                                          0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4812] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                  0000000075f38791 5 bytes [33, C0, C2, 04, 00]
.text    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4812] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                           0000000075fab2fe 5 bytes JMP 00000001006e9100
.text    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000075bb1465 2 bytes [BB, 75]
.text    C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                           0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[4852] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes                                                                                                    0000000075fab2fe 5 bytes JMP 00000001079a9100
.text    C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[4852] C:\Windows\syswow64\WS2_32.dll!sendto                                                                                                                                  00000000753334b5 5 bytes JMP 0000000104e91bb0
.text    C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[4852] C:\Windows\syswow64\WS2_32.dll!WSASendTo                                                                                                                               000000007534b30c 5 bytes JMP 0000000104e91bf0
.text    C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[4852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe[4852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                               0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe[4904] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                0000000075fab2fe 5 bytes JMP 0000000102129100
.text    C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000075bb1465 2 bytes [BB, 75]
.text    C:\Users\Linus\AppData\Local\Akamai\netsession_win.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                           0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                 0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe[5052] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                               0000000075fab2fe 5 bytes JMP 0000000102fc9100
.text    C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           0000000075bb1465 2 bytes [BB, 75]
.text    C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5152] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes                                                                                                        0000000075fab2fe 5 bytes JMP 0000000104ae9100
.text    C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                    0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                   0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5852] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                0000000077620880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[5836] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                                                                                    0000000077620880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1248] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                              0000000075fab2fe 5 bytes JMP 0000000100569100
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000075bb1465 2 bytes [BB, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         0000000075bb14bb 2 bytes [BB, 75]
.text    ...                                                                                                                                                                                                                             * 2
.text    C:\Users\Linus\Desktop\Gmer-19357.exe[7856] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                 0000000075fab2fe 5 bytes JMP 0000000103f79100

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\services.exe [500:3800]                                                                                                                                                                                     000000000160f430
Thread   C:\Windows\system32\services.exe [500:3804]                                                                                                                                                                                     000000000160f430
Thread   C:\Windows\system32\services.exe [500:3808]                                                                                                                                                                                     000000000160f430
Thread   C:\Windows\system32\services.exe [500:3812]                                                                                                                                                                                     000000000160f430
Thread   C:\Windows\system32\services.exe [500:3820]                                                                                                                                                                                     000000000162dc30
Thread   C:\Windows\system32\services.exe [500:4072]                                                                                                                                                                                     000000000162dc30
Thread   C:\Windows\system32\svchost.exe [840:884]                                                                                                                                                                                       0000000000b1f430
Thread   C:\Windows\system32\svchost.exe [840:888]                                                                                                                                                                                       0000000000b1f430
Thread   C:\Windows\system32\svchost.exe [840:892]                                                                                                                                                                                       0000000000b1f430
Thread   C:\Windows\system32\svchost.exe [840:896]                                                                                                                                                                                       0000000000b1f430
Thread   C:\Windows\system32\svchost.exe [840:904]                                                                                                                                                                                       0000000000b3dc30
Thread   C:\Windows\system32\svchost.exe [376:1496]                                                                                                                                                                                      00000000012cf430
Thread   C:\Windows\system32\svchost.exe [376:1500]                                                                                                                                                                                      00000000012cf430
Thread   C:\Windows\system32\svchost.exe [376:1504]                                                                                                                                                                                      00000000012cf430
Thread   C:\Windows\system32\svchost.exe [376:1508]                                                                                                                                                                                      00000000012cf430
Thread   C:\Windows\system32\svchost.exe [376:1516]                                                                                                                                                                                      00000000012edc30
Thread   C:\Windows\system32\svchost.exe [376:1556]                                                                                                                                                                                      00000000012edc30
Thread   C:\Windows\System32\spoolsv.exe [1540:1220]                                                                                                                                                                                     00000000020bf430
Thread   C:\Windows\System32\spoolsv.exe [1540:1600]                                                                                                                                                                                     00000000020bf430
Thread   C:\Windows\System32\spoolsv.exe [1540:1608]                                                                                                                                                                                     00000000020bf430
Thread   C:\Windows\System32\spoolsv.exe [1540:1612]                                                                                                                                                                                     00000000020bf430
Thread   C:\Windows\system32\svchost.exe [2104:2188]                                                                                                                                                                                     0000000000c1f430
Thread   C:\Windows\system32\svchost.exe [2104:2192]                                                                                                                                                                                     0000000000c1f430
Thread   C:\Windows\system32\svchost.exe [2104:2196]                                                                                                                                                                                     0000000000c1f430
Thread   C:\Windows\system32\svchost.exe [2104:2200]                                                                                                                                                                                     0000000000c1f430
Thread   C:\Windows\system32\svchost.exe [2104:2208]                                                                                                                                                                                     0000000000c3dc30
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3376]                                                                                                                                             0000000001ccf430
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3380]                                                                                                                                             0000000001ccf430
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3384]                                                                                                                                             0000000001ccf430
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3388]                                                                                                                                             0000000001ccf430
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3396]                                                                                                                                             0000000001cedc30
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1776:3512]                                                                                                                                             0000000001cedc30
Thread   C:\Windows\System32\alg.exe [3832:2616]                                                                                                                                                                                         0000000000c1f430
Thread   C:\Windows\System32\alg.exe [3832:2284]                                                                                                                                                                                         0000000000c1f430
Thread   C:\Windows\System32\alg.exe [3832:2520]                                                                                                                                                                                         0000000000c1f430
Thread   C:\Windows\System32\alg.exe [3832:3868]                                                                                                                                                                                         0000000000c1f430
Thread   C:\Windows\System32\alg.exe [3832:3900]                                                                                                                                                                                         0000000000c3dc30
Thread   C:\Windows\System32\alg.exe [3832:4320]                                                                                                                                                                                         0000000000c3dc30
Thread   C:\Windows\system32\svchost.exe [4220:4380]                                                                                                                                                                                     000000000054f430
Thread   C:\Windows\system32\svchost.exe [4220:4384]                                                                                                                                                                                     000000000054f430
Thread   C:\Windows\system32\svchost.exe [4220:4388]                                                                                                                                                                                     000000000054f430
Thread   C:\Windows\system32\svchost.exe [4220:4392]                                                                                                                                                                                     000000000054f430
Thread   C:\Windows\system32\svchost.exe [4220:4400]                                                                                                                                                                                     000000000056dc30
Thread   C:\Windows\system32\svchost.exe [4220:4464]                                                                                                                                                                                     000000000056dc30
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:4440]                                                                                                                                                         00000000006ec3f0
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:4596]                                                                                                                                                         00000000006ec3f0
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:4620]                                                                                                                                                         00000000006ec3f0
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:4628]                                                                                                                                                         00000000006ec3f0
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:1680]                                                                                                                                                         0000000000704f30
Thread   C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4812:120]                                                                                                                                                          0000000000704f30
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:5280]                                                                                                                                                                  000000000122f430
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:5648]                                                                                                                                                                  000000000122f430
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:4368]                                                                                                                                                                  000000000122f430
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:1216]                                                                                                                                                                  000000000122f430
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:4536]                                                                                                                                                                  000000000124dc30
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5836:6148]                                                                                                                                                                  000000000124dc30
Thread   C:\Windows\System32\svchost.exe [5164:4364]                                                                                                                                                                                     000000000062f430
Thread   C:\Windows\System32\svchost.exe [5164:4104]                                                                                                                                                                                     000000000062f430
Thread   C:\Windows\System32\svchost.exe [5164:5084]                                                                                                                                                                                     000000000062f430
Thread   C:\Windows\System32\svchost.exe [5164:5364]                                                                                                                                                                                     000000000062f430
Thread   C:\Windows\System32\svchost.exe [5164:5484]                                                                                                                                                                                     000000000064dc30
Thread   C:\Windows\System32\svchost.exe [5164:5412]                                                                                                                                                                                     000000000064dc30
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2544] (FreemakeUtilsService/Freemake)(2012-02-19 08:08:06)  0000000000e10000
Library  C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\libcef.dll (*** suspicious ***) @ C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe [5052](2012-04-26 22:38:30)                                                            0000000068c10000
Library  C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\icudt.dll (*** suspicious ***) @ C:\Users\Linus\AppData\Local\GamersFirst\LIVE!\Live.exe [5052] (ICU Data DLL/The ICU Project)(2012-04-26 22:38:30)                              0000000074060000

---- EOF - GMER 2.1 ----
         

Edited by Knaeckebrot (30.06.2014 at 18:06). Reason: Addition.txt is too large

 
