Smokey's Security Forums

Topic: [INACTIVE] PC goes Standby and runs Windows Calculator by itself  (Read 4895 times)

Lollle (Topic starter)

Hello,

I've already asked for help in another forum, posted an OTL log, overwrote my MBR, tried to save my data onto my external hard disk, checked the "autorun.inf", as I was told, and finally reformatted my internal hard disk.
Some days later, the same problems appeared again. My guess is that the infection remained on my external hard disk and checking the "autorun.inf" was no use.

Thank you for your help.

PS: Please excuse my grammar, as English isn't my first language (I am from Germany).

OTL logfile created on: 14.05.2013 18:42:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thorben\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,69% Memory free
5,99 Gb Paging File | 3,88 Gb Available in Paging File | 64,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 439,23 Gb Free Space | 94,32% Space Free | Partition Type: NTFS
 
Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thorben\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\WLAN-Stick\ZyXEL G-220 v2.exe (ZyXEL Technology Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\24b67c1b2ec7be301ca76726b4b205c1\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\WLAN-Stick\ZDWlan.dll ()
MOD - C:\Programme\WLAN-Stick\NICDLL.dll ()
MOD - C:\Programme\WLAN-Stick\dot1x_dll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (ZY760_XP) -- C:\Windows\System32\drivers\WlanUZXP.SYS (ZyDAS Technology Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 A5 BB DD 5F 4D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.12 19:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.09 21:51:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.13 18:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions
[2013.05.13 18:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2013.05.12 19:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\730tr6yp.default\extensions
[2013.05.12 19:09:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\730tr6yp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.12 19:09:05 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\730tr6yp.default\extensions\ich@maltegoetz.de
[2013.05.12 19:08:32 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\firefox\profiles\730tr6yp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.09 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.12 19:10:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BD2E360-9AAA-43C9-81F7-E8EB31034541}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{540C6002-A1D4-4BAC-AE0F-086E05C120DB}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.05.14 18:39:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.14 18:39:36 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Malwarebytes
[2013.05.14 18:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 18:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.14 18:39:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.14 18:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.14 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Programs
[2013.05.14 18:37:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013.05.14 18:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.05.14 18:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013.05.14 16:02:36 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Spyware Terminator
[2013.05.14 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.05.14 16:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.05.14 16:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.05.13 18:57:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.13 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Songbird2
[2013.05.13 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Songbird2
[2013.05.13 18:16:06 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\WinRAR
[2013.05.13 18:16:06 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.13 18:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.13 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.13 18:15:45 | 000,109,360 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2013.05.13 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2013.05.13 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Songbird
[2013.05.12 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Google
[2013.05.12 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.12 19:11:34 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.12 19:11:34 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.12 19:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.12 19:11:33 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.12 19:11:32 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.12 19:11:29 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.12 19:11:26 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.12 19:11:25 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.12 19:10:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.12 19:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.12 19:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.10 11:44:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.05.10 11:43:25 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\LolClient
[2013.05.10 11:15:31 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\ATI
[2013.05.10 11:15:31 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\ATI
[2013.05.10 11:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.10 00:01:54 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013.05.10 00:01:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2013.05.10 00:01:53 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.05.10 00:01:53 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.05.10 00:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2013.05.10 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.10 00:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2013.05.10 00:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2013.05.10 00:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.05.10 00:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.05.10 00:00:03 | 000,086,032 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdW73.sys
[2013.05.09 23:59:10 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2013.05.09 23:59:10 | 000,051,200 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2013.05.09 23:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.05.09 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.09 23:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.05.09 23:51:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013.05.09 23:51:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013.05.09 23:51:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013.05.09 23:51:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013.05.09 23:51:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013.05.09 23:47:35 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.05.09 23:25:56 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.05.09 23:25:56 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.05.09 23:25:56 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.05.09 23:22:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.09 23:22:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.05.09 23:22:51 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2013.05.09 23:22:51 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.05.09 23:22:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.05.09 23:22:46 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.05.09 23:22:46 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.05.09 23:22:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.05.09 23:22:46 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2013.05.09 23:22:11 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.05.09 23:14:18 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.05.09 23:14:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.05.09 22:55:38 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013.05.09 22:55:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013.05.09 22:54:59 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013.05.09 22:54:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013.05.09 22:54:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013.05.09 22:29:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2013.05.09 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Macromedia
[2013.05.09 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Macromedia
[2013.05.09 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Adobe
[2013.05.09 22:26:04 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.09 22:26:04 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.09 22:26:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013.05.09 22:25:27 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013.05.09 22:22:41 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2013.05.09 22:22:41 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.05.09 22:22:41 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.05.09 22:22:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2013.05.09 22:21:52 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.05.09 22:21:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.05.09 22:21:48 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.05.09 22:21:48 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.05.09 22:21:48 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013.05.09 22:21:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013.05.09 22:21:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013.05.09 22:21:46 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.05.09 22:21:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.05.09 22:20:41 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.05.09 22:20:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.09 22:20:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.05.09 22:19:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013.05.09 22:19:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013.05.09 22:19:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013.05.09 22:19:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2013.05.09 22:19:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013.05.09 22:19:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013.05.09 22:19:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.05.09 22:19:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.05.09 22:19:00 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013.05.09 22:18:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2013.05.09 22:18:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.05.09 22:18:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.09 22:16:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.05.09 22:16:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.05.09 22:16:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.05.09 22:16:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.05.09 22:16:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.05.09 22:16:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.05.09 22:16:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.05.09 22:16:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.05.09 22:16:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.05.09 22:16:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.05.09 22:16:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.05.09 22:16:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.05.09 22:16:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.05.09 22:16:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.05.09 22:16:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.05.09 22:16:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.05.09 22:15:32 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.05.09 22:15:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.05.09 22:15:31 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.05.09 22:15:31 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.05.09 22:15:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.05.09 22:15:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.05.09 22:15:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.05.09 22:15:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.05.09 22:15:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.05.09 22:15:13 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.05.09 22:14:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.05.09 22:13:50 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.09 22:13:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.05.09 22:13:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.09 22:13:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.09 22:13:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.09 22:13:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.09 22:13:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.09 22:13:50 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.09 22:13:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.09 22:13:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.09 22:13:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.09 22:13:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.09 22:13:41 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.05.09 22:13:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2013.05.09 22:13:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.05.09 22:13:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.05.09 22:13:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013.05.09 22:13:32 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.05.09 22:13:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.05.09 22:13:31 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.05.09 22:13:31 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.05.09 22:13:31 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.05.09 22:13:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.05.09 22:13:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.05.09 22:13:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.05.09 22:13:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.05.09 22:13:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.05.09 22:13:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013.05.09 22:13:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013.05.09 22:13:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.05.09 22:13:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013.05.09 22:13:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013.05.09 22:13:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013.05.09 22:13:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013.05.09 22:13:15 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2013.05.09 22:13:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013.05.09 22:13:14 | 000,187,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.05.09 22:13:13 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013.05.09 22:13:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.05.09 22:13:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013.05.09 22:13:11 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2013.05.09 22:13:06 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2013.05.09 22:13:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2013.05.09 22:13:06 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013.05.09 22:13:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2013.05.09 22:13:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2013.05.09 22:12:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.09 22:12:52 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.05.09 22:12:52 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.05.09 22:12:51 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.09 22:12:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013.05.09 22:12:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013.05.09 22:12:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.05.09 22:12:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.05.09 22:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.09 22:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\League of Legends
[2013.05.09 22:05:41 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\PMB Files
[2013.05.09 22:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.05.09 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2013.05.09 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Thorben\.swt
[2013.05.09 22:03:24 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013.05.09 22:01:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.09 22:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.05.09 22:01:36 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.09 22:01:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.09 22:01:26 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.05.09 22:01:25 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.05.09 22:01:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.05.09 22:01:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.05.09 22:01:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.05.09 22:01:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.05.09 22:01:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.05.09 22:01:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.05.09 22:01:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.05.09 22:01:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.05.09 22:01:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.05.09 22:01:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.05.09 22:01:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.05.09 22:01:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.05.09 22:01:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.05.09 22:01:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.05.09 22:00:58 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.05.09 22:00:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.05.09 21:52:04 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Mozilla
[2013.05.09 21:52:04 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Mozilla
[2013.05.09 21:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.05.09 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.09 21:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.09 21:44:38 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.09 21:44:01 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.05.09 21:41:08 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.05.09 21:41:08 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.05.09 21:41:03 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.05.09 21:41:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.05.09 21:41:03 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.05.09 21:40:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.05.09 21:40:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.05.09 21:36:07 | 000,493,696 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\System32\drivers\WlanUZ64.SYS
[2013.05.09 21:36:07 | 000,402,944 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\System32\drivers\WlanUZXP.SYS
[2013.05.09 21:36:07 | 000,401,920 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\System32\WlanUZME.SYS
[2013.05.09 21:36:07 | 000,401,920 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\System32\WlanUZ98.SYS
[2013.05.09 21:36:07 | 000,401,408 | ---- | C] (ZyDAS Technology Corporation) -- C:\Windows\System32\drivers\WlanUZ2K.SYS
[2013.05.09 21:36:07 | 000,102,400 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\ZDCN50.dll
[2013.05.09 21:36:07 | 000,102,400 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ZDCN50.dll
[2013.05.09 21:36:07 | 000,102,400 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\W32N55.DLL
[2013.05.09 21:36:07 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ZDPN50.dll
[2013.05.09 21:36:07 | 000,032,768 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\Zdcndis5a64.sys
[2013.05.09 21:36:07 | 000,032,768 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\Zdcndis5a64.sys
[2013.05.09 21:36:07 | 000,031,744 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\ZDPSp50a64.sys
[2013.05.09 21:36:07 | 000,029,184 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\BRGSp50a64.sys
[2013.05.09 21:36:07 | 000,020,608 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\BRGSp50.sys
[2013.05.09 21:36:07 | 000,018,944 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\ZDCndis5.sys
[2013.05.09 21:36:07 | 000,018,944 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2013.05.09 21:36:07 | 000,017,664 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\ZDPSp50.sys
[2013.05.09 21:36:07 | 000,017,151 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\ZDPNDIS5.sys
[2013.05.09 21:36:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013.05.09 21:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZyXEL G-220 v2 Wireless Adapter Utility-Programm
[2013.05.09 21:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\WLAN-Stick
[2013.05.09 21:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.09 21:32:08 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Diagnostics
[2013.05.09 21:29:08 | 000,000,000 | R--D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.09 21:29:08 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Searches
[2013.05.09 21:29:08 | 000,000,000 | R--D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.09 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Identities
[2013.05.09 21:28:59 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Contacts
[2013.05.09 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\VirtualStore
[2013.05.09 21:28:53 | 000,000,000 | --SD | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Videos
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Saved Games
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Pictures
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Music
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Links
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Favorites
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Downloads
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Documents
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\Desktop
[2013.05.09 21:28:53 | 000,000,000 | R--D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Vorlagen
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\AppData\Local\Verlauf
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\AppData\Local\Temporary Internet Files
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Startmenü
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\SendTo
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Recent
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Netzwerkumgebung
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Lokale Einstellungen
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Documents\Eigene Videos
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Documents\Eigene Musik
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Eigene Dateien
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Documents\Eigene Bilder
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Druckumgebung
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Cookies
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\AppData\Local\Anwendungsdaten
[2013.05.09 21:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Thorben\Anwendungsdaten
[2013.05.09 21:28:53 | 000,000,000 | -H-D | C] -- C:\Users\Thorben\AppData
[2013.05.09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Temp
[2013.05.09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Microsoft
[2013.05.09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Media Center Programs
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.09 21:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.09 21:22:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.09 21:20:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.09 21:19:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 18:39:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.14 18:39:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.14 18:37:05 | 000,001,078 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013.05.14 18:36:58 | 000,000,898 | ---- | M] () -- C:\Users\Thorben\Desktop\NTREGOPT.lnk
[2013.05.14 18:36:58 | 000,000,879 | ---- | M] () -- C:\Users\Thorben\Desktop\ERUNT.lnk
[2013.05.14 16:02:35 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.05.14 15:42:11 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 15:42:11 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 15:41:57 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.14 15:41:57 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.14 15:41:57 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.14 15:41:57 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.14 15:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 15:34:53 | 2412,929,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 18:57:11 | 233,969,646 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.13 18:15:46 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2013.05.12 19:11:34 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.12 19:11:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.10 16:13:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.10 11:09:16 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.10 00:00:21 | 000,002,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2013.05.09 23:53:16 | 000,268,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.09 23:51:19 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.09 22:26:04 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.09 22:26:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.09 22:01:58 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.09 21:51:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.09 21:36:06 | 000,001,698 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZyXEL G-220 v2 Wireless Adapter Utility-Programm.lnk
[2013.05.09 21:23:52 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.14 18:39:21 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.14 18:37:05 | 000,001,078 | ---- | C] () -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013.05.14 18:36:58 | 000,000,898 | ---- | C] () -- C:\Users\Thorben\Desktop\NTREGOPT.lnk
[2013.05.14 18:36:58 | 000,000,879 | ---- | C] () -- C:\Users\Thorben\Desktop\ERUNT.lnk
[2013.05.14 16:02:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013.05.14 16:02:35 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.05.13 18:57:11 | 233,969,646 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.13 18:15:46 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2013.05.12 19:11:34 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.12 19:11:29 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.12 19:11:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.10 16:13:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.10 11:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.10 00:00:21 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2013.05.09 23:59:10 | 000,235,072 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2013.05.09 23:59:10 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013.05.09 23:59:10 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013.05.09 23:59:10 | 000,037,305 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.05.09 23:59:10 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013.05.09 23:51:19 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.09 22:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.09 22:54:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.09 22:26:06 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 22:01:58 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.09 21:51:58 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.09 21:51:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.09 21:36:07 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2013.05.09 21:36:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2013.05.09 21:36:07 | 000,019,524 | ---- | C] () -- C:\Windows\System32\BRGSp31.VXD
[2013.05.09 21:36:07 | 000,015,941 | ---- | C] () -- C:\Windows\System32\ZDPNDIS3.VXD
[2013.05.09 21:36:07 | 000,015,941 | ---- | C] () -- C:\Windows\ZDCNDIS3.VXD
[2013.05.09 21:36:07 | 000,015,941 | ---- | C] () -- C:\Windows\System32\ZDCNDIS3.VXD
[2013.05.09 21:36:07 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2013.05.09 21:36:07 | 000,015,428 | ---- | C] () -- C:\Windows\System32\ZDPSp31.VXD
[2013.05.09 21:36:07 | 000,012,497 | ---- | C] () -- C:\Windows\System32\drivers\WlanUZG.inf
[2013.05.09 21:36:07 | 000,008,754 | ---- | C] () -- C:\Windows\System32\drivers\wlanuzg.cat
[2013.05.09 21:36:07 | 000,001,162 | ---- | C] () -- C:\Windows\System32\W32N55.INI
[2013.05.09 21:36:06 | 000,001,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZyXEL G-220 v2 Wireless Adapter Utility-Programm.lnk
[2013.05.09 21:29:49 | 000,001,413 | ---- | C] () -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.09 21:23:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.09 21:23:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.09 21:19:35 | 2412,929,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 10:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.10 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\LolClient
[2013.05.13 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Songbird2
[2013.05.14 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Spyware Terminator
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST500DM002-1BD142 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466,00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.05.14 15:34:53 | 2412,929,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 15:34:59 | 3217,240,064 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.sys /90 >
[2013.03.01 05:11:14 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.02.14 16:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.03.02 07:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013.03.02 07:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.04.10 10:19:15 | 000,867,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009.07.14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.03.02 07:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013.03.02 07:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation)

< End of report >
 



Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker
