Great, there's the first Combofix log.
Combofix2.txt: Code:
ComboFix 13-07-08.04 - Martin 09.07.2013 9:50.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16279.14159 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-09 bis 2013-07-09 ))))))))))))))))))))))))))))))
.
.
2013-07-09 07:54 . 2013-07-09 07:54 -------- d-----w- c:\users\matt\AppData\Local\temp
2013-07-09 07:54 . 2013-07-09 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 23:17 . 2013-07-08 23:17 -------- d-----w- c:\users\Martin\AppData\Roaming\Opera Software
2013-07-08 23:17 . 2013-07-08 23:17 -------- d-----w- c:\users\Martin\AppData\Local\Opera Software
2013-07-08 22:44 . 2013-07-08 22:44 -------- d-----w- C:\FRST
2013-07-07 21:29 . 2013-07-07 21:29 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-07-07 21:29 . 2013-07-07 21:29 -------- d-----w- c:\programdata\Malwarebytes
2013-07-07 21:04 . 2013-07-07 21:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-07 18:52 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-07-07 18:50 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-07-07 18:19 . 2013-07-07 18:19 -------- d-----w- c:\program files\Microsoft LifeCam
2013-07-07 18:19 . 2013-07-07 18:19 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2013-07-07 18:18 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-07 18:18 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-07 18:18 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-07 18:18 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-07 18:16 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-07 18:16 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-07 18:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-07-07 18:16 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-07-07 18:16 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-07 18:16 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-07 18:16 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-07 18:16 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-07 18:16 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-07 18:16 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-07 18:16 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-07 18:16 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-07 18:16 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-07 18:15 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-07 18:15 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-07 18:15 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-07-07 18:15 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-07 18:15 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-07-07 18:15 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-07 17:01 . 2013-07-07 17:01 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-07 17:01 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-07-07 17:01 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-07 17:01 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-07-07 17:01 . 2013-07-07 17:01 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-07 17:01 . 2013-07-07 17:01 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-07 17:01 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-07 17:01 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-07 17:01 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-07 17:01 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-14 23:16 . 2013-06-14 23:16 -------- d-----w- c:\users\Martin\AppData\Roaming\stetic
2013-06-14 23:15 . 2013-06-14 23:16 -------- d-----w- c:\users\Martin\AppData\Roaming\MonoDevelop-Unity-2.8
2013-06-14 23:15 . 2013-06-14 23:16 -------- d-----w- c:\users\Martin\AppData\Local\MonoDevelop-Unity-2.8
2013-06-14 20:48 . 2013-06-14 20:49 -------- d-----w- c:\users\Martin\AppData\Roaming\Unity
2013-06-14 20:46 . 2013-06-14 20:46 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2013-06-14 20:46 . 2013-06-14 20:46 -------- d-----w- c:\users\Martin\AppData\Local\Apple Computer
2013-06-14 20:46 . 2013-07-03 13:22 -------- d-----w- c:\programdata\Unity
2013-06-11 18:30 . 2013-06-13 21:45 -------- d-----w- c:\users\Martin\AppData\Roaming\HexChat
2013-06-11 18:30 . 2013-06-11 18:30 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 16:51 . 2012-09-30 15:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 16:51 . 2012-09-30 15:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49 . 2013-07-07 18:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-07-07 18:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-07-07 18:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-07-07 18:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-07-07 18:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-07-07 18:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2009-09-27 08:39 369152 --sh--w- c:\windows\SysWOW64\avisynth.dll
2005-07-14 11:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 09:11 719872 --sh--w- c:\windows\SysWOW64\devil.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2004-01-24 23:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54 188416 --sha-r- c:\windows\SysWOW64\winDCE32.dll
2004-01-24 23:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"LogMeIn Hamachi Ui"="f:\logmein hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"avast"="f:\avast software\Avast\avastUI.exe" [2013-05-09 4858968]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\logmein hamachi\hamachi-2.exe;f:\logmein hamachi\hamachi-2.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617326000-1486708450-1060777791-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 10:31]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617326000-1486708450-1060777791-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 10:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- f:\avast software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8w2pcce5.default\
FF - ExtSQL: 2013-07-07 19:01; wrc@avast.com; f:\avast software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-31771550.sys
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-PlanetSide 2 Beta - f:\planetside 2 beta\Uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Martin\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-617326000-1486708450-1060777791-1000\Software\SecuROM\License information*]
"datasecu"=hex:6f,5d,0d,89,4b,1b,6a,db,e4,37,f6,93,cb,0d,64,07,95,b2,df,cb,e1,
c1,a6,d7,5a,41,9d,a5,e9,ef,a7,71,af,ef,31,b0,8c,90,96,06,41,4d,07,e7,ff,9e,\
"rkeysecu"=hex:1d,5f,4b,9d,d6,51,5b,fd,4a,79,99,5d,16,8b,3a,32
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-09 09:55:08
ComboFix-quarantined-files.txt 2013-07-09 07:55
.
Vor Suchlauf: 10 Verzeichnis(se), 38.177.050.624 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.778.898.944 Bytes frei
.
- - End Of File - - 01E62505AA6FAE8DC0F7CD9CCB5972E5
A36C5E4F47E84449FF07ED3517B43A31
AdwCleaner Log: Code:
# AdwCleaner v2.304 - Datei am 09/07/2013 um 11:11:02 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Martin - CHEESEBLOCK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8w2pcce5.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [949 octets] - [09/07/2013 11:11:02]
########## EOF - C:\AdwCleaner[S1].txt - [1008 octets] ##########
JRT.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.1 (07.08.2013:5)
OS: Windows 7 Professional x64
Ran by Martin on 09.07.2013 at 11:14:16,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2013 at 11:16:33,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fresh FRST log.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013
Ran by Martin (administrator) on 09-07-2013 11:20:20
Running from C:\Users\Martin\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) F:\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(LogMeIn Inc.) F:\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) F:\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) F:\LogMeIn Hamachi\hamachi-2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6900024 2012-07-24] (Logitech Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "F:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKLM-x32\...\Run: [avast] "F:\AVAST Software\Avast\avastUI.exe" /nogui [x]
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - F:\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - F:\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\AVAST Software\Avast\aswWebRepIE.dll No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8w2pcce5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] F:\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - F:\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Turn Off the Lights) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.6_0
CHR Extension: (James White) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wunderlist - To-do & Task List) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.1.1_0
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
==================== Services (Whitelisted) =================
R2 avast! Antivirus; F:\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; F:\LogMeIn Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-16] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-09-30] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [59224 2011-09-22] (Focusrite Audio Engineering Limited.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-09-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-09 11:16 - 2013-07-09 11:16 - 00000626 ____A C:\Users\Martin\Desktop\JRT.txt
2013-07-09 11:14 - 2013-07-09 11:14 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 11:11 - 2013-07-09 11:11 - 00001077 ____A C:\AdwCleaner[S1].txt
2013-07-09 11:07 - 2013-07-09 11:07 - 00552081 ____A (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-09 11:04 - 2013-07-09 11:04 - 00650027 ____A C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-09 10:09 - 2013-07-09 10:07 - 00018128 ____A C:\Users\Martin\Desktop\ComboFix.txt
2013-07-09 10:07 - 2013-07-09 10:07 - 00018128 ____A C:\ComboFix.txt
2013-07-09 09:49 - 2013-07-09 10:07 - 00000000 ____D C:\Qoobox
2013-07-09 09:49 - 2013-07-09 09:54 - 00000000 ____D C:\Windows\erdnt
2013-07-09 09:49 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-09 09:49 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-09 09:49 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-09 09:49 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-09 09:49 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-09 09:49 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-09 09:49 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-09 09:49 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-09 09:42 - 2013-07-09 09:42 - 05086951 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe
2013-07-09 01:17 - 2013-07-09 01:17 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Opera Software
2013-07-09 01:17 - 2013-07-09 01:17 - 00000000 ____D C:\Users\Martin\AppData\Local\Opera Software
2013-07-09 00:45 - 2013-07-09 00:45 - 00020090 ____A C:\Users\Martin\Desktop\Addition.txt
2013-07-09 00:44 - 2013-07-09 00:44 - 00000000 ____D C:\FRST
2013-07-09 00:43 - 2013-07-09 00:43 - 01934554 ____A (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-08 21:40 - 2013-07-08 21:40 - 00353391 ____A C:\Users\Martin\Desktop\Gmer.txt
2013-07-08 21:21 - 2013-07-08 21:21 - 00091340 ____A C:\Users\Martin\Desktop\Extras.Txt
2013-07-08 21:20 - 2013-07-08 21:20 - 00094020 ____A C:\Users\Martin\Desktop\OTL.Txt
2013-07-08 21:17 - 2013-07-08 21:12 - 00377856 ____A C:\Users\Martin\Desktop\gmer_2.1.19163.exe
2013-07-08 21:07 - 2013-07-08 21:07 - 00002639 ____A C:\Users\Martin\Desktop\trojboard_anweisung.txt
2013-07-08 21:05 - 2013-07-08 21:06 - 00000000 ____D C:\Users\Martin\Desktop\GE Project
2013-07-08 21:04 - 2013-07-08 21:05 - 00602112 ____A (OldTimer Tools) C:\Users\Martin\Desktop\OTL.exe
2013-07-08 21:04 - 2013-07-08 21:04 - 00000000 ____A C:\Users\Martin\defogger_reenable
2013-07-08 16:45 - 2013-07-08 16:46 - 00004608 ____A C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-08 14:38 - 2013-07-08 14:38 - 00000000 ____D C:\Windows\pss
2013-07-08 13:33 - 2013-07-08 13:34 - 00000499 ____A C:\Users\Martin\Desktop\scans.txt
2013-07-08 12:32 - 2013-07-08 12:32 - 00003788 ____A C:\Users\Martin\Desktop\Rkill.txt
2013-07-08 12:32 - 2013-07-08 12:32 - 00000000 ____D C:\Users\Martin\Desktop\rkill
2013-07-07 23:29 - 2013-07-07 23:29 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-07-07 23:29 - 2013-07-07 23:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-07 23:21 - 2013-07-09 10:10 - 00004678 ____A C:\Windows\PFRO.log
2013-07-07 23:04 - 2013-07-07 23:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-07 20:53 - 2012-12-07 15:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-07-07 20:53 - 2012-12-07 15:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-07-07 20:53 - 2012-12-07 14:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-07 20:53 - 2012-12-07 14:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-07 20:53 - 2012-12-07 13:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-07-07 20:53 - 2012-12-07 13:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-07-07 20:53 - 2012-12-07 13:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-07 20:53 - 2012-12-07 12:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-07 20:53 - 2012-10-03 19:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-07-07 20:53 - 2012-10-03 19:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-07-07 20:53 - 2012-10-03 19:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-07-07 20:53 - 2012-10-03 19:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-07-07 20:53 - 2012-10-03 19:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-07-07 20:53 - 2012-10-03 19:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-07-07 20:53 - 2012-10-03 18:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-07 20:53 - 2012-10-03 18:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-07 20:53 - 2012-10-03 18:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-07 20:53 - 2012-10-03 18:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-07-07 20:53 - 2012-01-13 09:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-07 20:52 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-07-07 20:52 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-07 20:52 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-07 20:52 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-07-07 20:52 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-07-07 20:52 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-07-07 20:52 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-07-07 20:52 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-07-07 20:52 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-07-07 20:52 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-07 20:52 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-07 20:52 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-07 20:52 - 2012-11-30 07:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-07-07 20:52 - 2012-11-30 07:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-07-07 20:52 - 2012-11-30 07:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-07-07 20:52 - 2012-11-30 07:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-07-07 20:52 - 2012-11-30 07:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-07-07 20:52 - 2012-11-30 07:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 07:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-07 20:52 - 2012-11-30 06:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 06:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 05:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-07-07 20:52 - 2012-11-30 04:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 04:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 04:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 04:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-07 20:52 - 2012-11-30 01:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-07-07 20:52 - 2012-11-30 01:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-07-07 20:52 - 2012-11-23 05:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-07-07 20:52 - 2012-11-22 07:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-07-07 20:52 - 2012-11-22 06:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-07 20:52 - 2012-11-09 07:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-07-07 20:52 - 2012-11-09 06:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-07 20:52 - 2012-10-09 20:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-07-07 20:52 - 2012-10-09 20:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-07-07 20:52 - 2012-10-09 19:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-07-07 20:52 - 2012-10-09 19:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-07-07 20:50 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-07-07 20:19 - 2013-07-07 20:19 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-07-07 20:19 - 2013-07-07 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-07 20:18 - 2012-12-16 19:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-07-07 20:18 - 2012-12-16 16:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-07-07 20:18 - 2012-12-16 16:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-07 20:18 - 2012-12-16 16:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-07 20:17 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-07 20:17 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-07-07 20:17 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-07-07 20:17 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-07-07 20:17 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-07 20:17 - 2013-02-15 08:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-07 20:17 - 2013-02-15 08:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-07 20:17 - 2013-02-15 08:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-07 20:17 - 2013-02-15 06:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-07 20:17 - 2013-02-15 06:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-07 20:17 - 2013-02-15 05:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-07 20:17 - 2013-02-12 06:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-07-07 20:17 - 2013-02-12 06:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-07-07 20:17 - 2013-01-04 07:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-07-07 20:17 - 2013-01-04 06:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-07 20:17 - 2013-01-04 04:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-07 20:17 - 2013-01-04 04:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-07 20:17 - 2013-01-04 04:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-07 20:17 - 2013-01-04 04:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-07 20:17 - 2013-01-03 08:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-07-07 20:17 - 2012-11-20 07:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-07-07 20:17 - 2012-11-20 06:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-07 20:17 - 2012-11-02 07:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-07-07 20:17 - 2012-11-02 07:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-07 20:17 - 2012-11-01 07:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-07-07 20:17 - 2012-11-01 07:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-07-07 20:17 - 2012-11-01 06:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-07 20:17 - 2012-11-01 06:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-07 20:17 - 2012-09-26 00:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-07-07 20:16 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-07-07 20:16 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-07-07 20:16 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-07-07 20:16 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-07-07 20:16 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-07 20:16 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-07 20:16 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-07 20:16 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-07-07 20:16 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-07 20:16 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-07 20:16 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-07-07 20:16 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-07 20:16 - 2012-09-26 00:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-07 20:15 - 2013-03-19 08:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-07 20:15 - 2013-03-19 07:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-07-07 20:15 - 2013-03-19 07:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-07 20:15 - 2013-03-19 07:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-07 20:15 - 2013-03-19 06:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-07 20:15 - 2013-03-19 05:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-07-07 19:01 - 2013-07-07 19:01 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-07 19:01 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-07-07 19:01 - 2013-05-09 10:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-07-07 19:01 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-07-07 19:01 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-07-07 19:01 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-07-07 19:01 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-07-07 19:01 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-07-07 18:29 - 2013-07-07 18:29 - 00008398 ____A C:\Users\Martin\Desktop\cc_20130707_182939.reg
2013-07-07 18:25 - 2013-07-09 11:18 - 02440963 ____A C:\Windows\setupact.log
2013-07-07 18:25 - 2013-07-07 18:25 - 00000000 ____A C:\Windows\setuperr.log
2013-07-07 18:24 - 2013-07-07 18:24 - 00052188 ____A C:\Users\Martin\Desktop\cc_20130707_182425.reg
2013-07-02 22:44 - 2013-07-02 22:44 - 00000202 ____A C:\Users\Martin\Desktop\Deadpool.url
2013-07-01 00:59 - 2013-07-01 00:59 - 00290381 ____A C:\Users\Martin\Desktop\Kiste.c4d
2013-06-27 16:40 - 2013-06-27 16:40 - 00018022 ____A C:\Users\Martin\Desktop\Farbenfroh.esp
2013-06-26 18:58 - 2013-06-26 18:58 - 00000000 ____D C:\Users\Martin\Desktop\Fackelfarben
2013-06-26 18:45 - 2013-06-26 18:45 - 15530220 ____A C:\Users\Martin\Desktop\Fackelfarben.rar
2013-06-17 23:03 - 2013-06-17 23:03 - 00416436 ____A C:\Users\Martin\Desktop\Stalker paradise2.pptx
2013-06-17 22:46 - 2013-06-17 22:46 - 00000000 ____D C:\Users\Martin\Desktop\Clickdummy_stalkerparadise
2013-06-17 20:52 - 2013-06-17 20:52 - 00640952 ____A C:\Users\Martin\Desktop\Farbenfroh (2).rar
2013-06-17 13:18 - 2013-06-17 13:18 - 00638653 ____A C:\Users\Martin\Desktop\Farbenfroh (1).rar
2013-06-17 10:34 - 2013-06-17 10:34 - 00658111 ____A C:\Users\Martin\Desktop\Farbenfroh.rar
2013-06-16 23:27 - 2013-06-16 23:27 - 34365484 ____A C:\Users\Martin\Desktop\shmaatz isht shlimm - tün leidet.wav
2013-06-15 18:23 - 2013-06-15 18:23 - 04969330 ____A C:\Users\Martin\Desktop\Harvest_Flora_for_Nehrim-40558-V1.rar
2013-06-15 01:16 - 2013-06-15 01:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\stetic
2013-06-15 01:15 - 2013-06-15 01:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\MonoDevelop-Unity-2.8
2013-06-15 01:15 - 2013-06-15 01:16 - 00000000 ____D C:\Users\Martin\AppData\Local\MonoDevelop-Unity-2.8
2013-06-14 22:48 - 2013-06-14 22:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Unity
2013-06-14 22:46 - 2013-07-03 15:22 - 00000000 ____D C:\ProgramData\Unity
2013-06-14 22:46 - 2013-06-14 22:46 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Apple Computer
2013-06-14 22:46 - 2013-06-14 22:46 - 00000000 ____D C:\Users\Martin\AppData\Local\Apple Computer
2013-06-14 14:41 - 2013-06-29 21:34 - 00000000 ____D C:\Users\Martin\Desktop\plaster and concrete
2013-06-12 23:54 - 2013-06-12 23:54 - 00000661 ____A C:\Users\Public\Desktop\Unity.lnk
2013-06-12 23:54 - 2013-06-12 23:54 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-06-12 17:41 - 2013-06-12 17:41 - 00008644 ____A C:\Users\Martin\Desktop\Nehrim XP Progess Bar DV.rar
2013-06-11 20:30 - 2013-06-13 23:45 - 00000000 ____D C:\Users\Martin\AppData\Roaming\HexChat
2013-06-11 20:30 - 2013-06-11 20:30 - 00000000 ____D C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
2013-07-09 11:18 - 2013-07-07 18:25 - 02440963 ____A C:\Windows\setupact.log
2013-07-09 11:18 - 2013-01-17 20:04 - 00000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2013-07-09 11:18 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 11:17 - 2012-11-07 20:47 - 01295037 ____A C:\Windows\WindowsUpdate.log
2013-07-09 11:17 - 2009-07-14 06:45 - 00021808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 11:17 - 2009-07-14 06:45 - 00021808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 11:16 - 2013-07-09 11:16 - 00000626 ____A C:\Users\Martin\Desktop\JRT.txt
2013-07-09 11:14 - 2013-07-09 11:14 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 11:11 - 2013-07-09 11:11 - 00001077 ____A C:\AdwCleaner[S1].txt
2013-07-09 11:07 - 2013-07-09 11:07 - 00552081 ____A (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-09 11:04 - 2013-07-09 11:04 - 00650027 ____A C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-09 10:58 - 2012-09-30 12:31 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617326000-1486708450-1060777791-1000UA.job
2013-07-09 10:16 - 2011-04-12 09:43 - 00696714 ____A C:\Windows\System32\perfh007.dat
2013-07-09 10:16 - 2011-04-12 09:43 - 00148010 ____A C:\Windows\System32\perfc007.dat
2013-07-09 10:16 - 2009-07-14 07:13 - 01612864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 10:10 - 2013-07-07 23:21 - 00004678 ____A C:\Windows\PFRO.log
2013-07-09 10:07 - 2013-07-09 10:09 - 00018128 ____A C:\Users\Martin\Desktop\ComboFix.txt
2013-07-09 10:07 - 2013-07-09 10:07 - 00018128 ____A C:\ComboFix.txt
2013-07-09 10:07 - 2013-07-09 09:49 - 00000000 ____D C:\Qoobox
2013-07-09 10:07 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-09 09:54 - 2013-07-09 09:49 - 00000000 ____D C:\Windows\erdnt
2013-07-09 09:42 - 2013-07-09 09:42 - 05086951 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe
2013-07-09 01:17 - 2013-07-09 01:17 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Opera Software
2013-07-09 01:17 - 2013-07-09 01:17 - 00000000 ____D C:\Users\Martin\AppData\Local\Opera Software
2013-07-09 00:45 - 2013-07-09 00:45 - 00020090 ____A C:\Users\Martin\Desktop\Addition.txt
2013-07-09 00:44 - 2013-07-09 00:44 - 00000000 ____D C:\FRST
2013-07-09 00:43 - 2013-07-09 00:43 - 01934554 ____A (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-09 00:25 - 2012-10-02 20:11 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity
2013-07-09 00:20 - 2012-10-01 10:48 - 00000023 ____A C:\Windows\BlendSettings.ini
2013-07-08 22:58 - 2012-09-30 12:31 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617326000-1486708450-1060777791-1000Core.job
2013-07-08 21:40 - 2013-07-08 21:40 - 00353391 ____A C:\Users\Martin\Desktop\Gmer.txt
2013-07-08 21:21 - 2013-07-08 21:21 - 00091340 ____A C:\Users\Martin\Desktop\Extras.Txt
2013-07-08 21:20 - 2013-07-08 21:20 - 00094020 ____A C:\Users\Martin\Desktop\OTL.Txt
2013-07-08 21:12 - 2013-07-08 21:17 - 00377856 ____A C:\Users\Martin\Desktop\gmer_2.1.19163.exe
2013-07-08 21:07 - 2013-07-08 21:07 - 00002639 ____A C:\Users\Martin\Desktop\trojboard_anweisung.txt
2013-07-08 21:06 - 2013-07-08 21:05 - 00000000 ____D C:\Users\Martin\Desktop\GE Project
2013-07-08 21:05 - 2013-07-08 21:04 - 00602112 ____A (OldTimer Tools) C:\Users\Martin\Desktop\OTL.exe
2013-07-08 21:04 - 2013-07-08 21:04 - 00000000 ____A C:\Users\Martin\defogger_reenable
2013-07-08 21:04 - 2012-11-07 20:34 - 00000000 ____D C:\users\Martin
2013-07-08 16:46 - 2013-07-08 16:45 - 00004608 ____A C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-08 14:38 - 2013-07-08 14:38 - 00000000 ____D C:\Windows\pss
2013-07-08 13:34 - 2013-07-08 13:33 - 00000499 ____A C:\Users\Martin\Desktop\scans.txt
2013-07-08 12:32 - 2013-07-08 12:32 - 00003788 ____A C:\Users\Martin\Desktop\Rkill.txt
2013-07-08 12:32 - 2013-07-08 12:32 - 00000000 ____D C:\Users\Martin\Desktop\rkill
2013-07-08 11:46 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-08 01:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-07 23:29 - 2013-07-07 23:29 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-07-07 23:29 - 2013-07-07 23:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-07 23:11 - 2013-07-07 23:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-07 22:27 - 2013-02-13 21:35 - 01589822 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-07 21:16 - 2012-11-07 21:00 - 00162592 ____A C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-07 21:14 - 2009-07-14 06:45 - 10065392 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-07 21:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-07 20:42 - 2012-10-22 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-07 20:42 - 2012-10-22 18:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-07 20:19 - 2013-07-07 20:19 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-07-07 20:19 - 2013-07-07 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-07 19:01 - 2013-07-07 19:01 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-07 19:01 - 2013-07-07 19:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-07 19:01 - 2012-09-30 22:34 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-07 19:01 - 2012-09-30 22:33 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-07 18:51 - 2012-10-03 01:43 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2013-07-07 18:51 - 2012-09-30 17:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-07 18:51 - 2012-09-30 17:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-07 18:29 - 2013-07-07 18:29 - 00008398 ____A C:\Users\Martin\Desktop\cc_20130707_182939.reg
2013-07-07 18:25 - 2013-07-07 18:25 - 00000000 ____A C:\Windows\setuperr.log
2013-07-07 18:24 - 2013-07-07 18:24 - 00052188 ____A C:\Users\Martin\Desktop\cc_20130707_182425.reg
2013-07-07 18:23 - 2012-11-07 20:29 - 00000000 ____D C:\Windows\Panther
2013-07-07 18:23 - 2012-10-03 01:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Azureus
2013-07-07 16:37 - 2012-10-17 18:46 - 00000132 ____A C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-04 18:58 - 2012-10-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 15:22 - 2013-06-14 22:46 - 00000000 ____D C:\ProgramData\Unity
2013-07-03 04:16 - 2012-09-30 15:28 - 00000000 ____D C:\Users\Martin\Documents\My Games
2013-07-02 23:07 - 2012-10-01 18:48 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2013-07-02 22:44 - 2013-07-02 22:44 - 00000202 ____A C:\Users\Martin\Desktop\Deadpool.url
2013-07-01 00:59 - 2013-07-01 00:59 - 00290381 ____A C:\Users\Martin\Desktop\Kiste.c4d
2013-06-30 14:36 - 2012-10-06 14:18 - 00000000 ____D C:\Users\Martin\AppData\Local\Skyrim
2013-06-30 14:35 - 2012-12-24 13:09 - 00000000 ____D C:\Users\Martin\Documents\Nexus Mod Manager
2013-06-29 21:34 - 2013-06-14 14:41 - 00000000 ____D C:\Users\Martin\Desktop\plaster and concrete
2013-06-27 16:40 - 2013-06-27 16:40 - 00018022 ____A C:\Users\Martin\Desktop\Farbenfroh.esp
2013-06-26 18:58 - 2013-06-26 18:58 - 00000000 ____D C:\Users\Martin\Desktop\Fackelfarben
2013-06-26 18:45 - 2013-06-26 18:45 - 15530220 ____A C:\Users\Martin\Desktop\Fackelfarben.rar
2013-06-23 20:54 - 2012-09-30 12:31 - 00002331 ____A C:\Users\Martin\Desktop\Google Chrome.lnk
2013-06-19 14:28 - 2012-12-29 14:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\GetRightToGo
2013-06-18 21:27 - 2013-04-30 02:23 - 00000000 ____D C:\Users\Martin\AppData\Local\Game Dev Tycoon
2013-06-17 23:03 - 2013-06-17 23:03 - 00416436 ____A C:\Users\Martin\Desktop\Stalker paradise2.pptx
2013-06-17 22:46 - 2013-06-17 22:46 - 00000000 ____D C:\Users\Martin\Desktop\Clickdummy_stalkerparadise
2013-06-17 20:52 - 2013-06-17 20:52 - 00640952 ____A C:\Users\Martin\Desktop\Farbenfroh (2).rar
2013-06-17 13:18 - 2013-06-17 13:18 - 00638653 ____A C:\Users\Martin\Desktop\Farbenfroh (1).rar
2013-06-17 10:34 - 2013-06-17 10:34 - 00658111 ____A C:\Users\Martin\Desktop\Farbenfroh.rar
2013-06-16 23:27 - 2013-06-16 23:27 - 34365484 ____A C:\Users\Martin\Desktop\shmaatz isht shlimm - tün leidet.wav
2013-06-16 18:55 - 2012-12-24 13:09 - 00000604 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-06-15 18:23 - 2013-06-15 18:23 - 04969330 ____A C:\Users\Martin\Desktop\Harvest_Flora_for_Nehrim-40558-V1.rar
2013-06-15 13:56 - 2013-01-12 03:10 - 00001456 ____A C:\Users\Martin\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-15 01:16 - 2013-06-15 01:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\stetic
2013-06-15 01:16 - 2013-06-15 01:15 - 00000000 ____D C:\Users\Martin\AppData\Roaming\MonoDevelop-Unity-2.8
2013-06-15 01:16 - 2013-06-15 01:15 - 00000000 ____D C:\Users\Martin\AppData\Local\MonoDevelop-Unity-2.8
2013-06-14 22:49 - 2013-06-14 22:48 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Unity
2013-06-14 22:46 - 2013-06-14 22:46 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Apple Computer
2013-06-14 22:46 - 2013-06-14 22:46 - 00000000 ____D C:\Users\Martin\AppData\Local\Apple Computer
2013-06-14 22:46 - 2013-04-13 22:37 - 00000000 ____D C:\Users\Martin\AppData\Local\Unity
2013-06-13 23:45 - 2013-06-11 20:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\HexChat
2013-06-12 23:54 - 2013-06-12 23:54 - 00000661 ____A C:\Users\Public\Desktop\Unity.lnk
2013-06-12 23:54 - 2013-06-12 23:54 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-06-12 17:41 - 2013-06-12 17:41 - 00008644 ____A C:\Users\Martin\Desktop\Nehrim XP Progess Bar DV.rar
2013-06-11 20:30 - 2013-06-11 20:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-10 18:07 - 2012-10-09 18:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin
2013-06-10 18:07 - 2012-10-09 18:07 - 00000000 ____D C:\ProgramData\Origin
2013-06-10 18:03 - 2012-10-09 18:08 - 00000000 ____D C:\Users\Martin\AppData\Local\Origin
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 05:59
==================== End Of Log ============================