Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hesperbot nach Telebanking

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.04.2014, 13:05   #1
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo und grüß' euch!

Ich habe hier einen Rechner mit Windows 7 Home Premium, 64 Bit-Version. Security Essentials findet "TrojanDropper:Win32/Hesperbot.B"
Eine Systemwiederherstellung machen lässt er mich nicht. Sonst habe ich noch nichts versucht.

Kann mir jemand helfen?
Vielen Dank!

Alt 02.04.2014, 13:15   #2
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking





Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [code][/code]
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also [CODE] Logfile [/CODE]
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Hast du von MSE Logs? Wenn ja, poste bitte diese hier. Wo findet es das?

Schritt 2
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 02.04.2014, 13:35   #3
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Sandra! Danke, dass du mir helfen willst!

Leider habe ich von mse kein log, und leider zeigt er mir auch nicht an, wo er den Trojaner findet. Auf c:\ProgramData entstehen seltsame Ordner mit seltsamen .exe-Dateien.

frst.txt

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by landumhollabrunn (administrator) on LANDUMHOLLABRUN on 02-04-2014 14:27:00
Running from C:\Users\landumhollabrunn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2630256319-3024140862-959217918-1000\...\Run: [erurodej] - C:\ProgramData\onlr\orudojuj.exe [282624 2014-04-02] ()
HKU\S-1-5-21-2630256319-3024140862-959217918-1000\...\Run: [ofuhubec] - C:\ProgramData\fvan\avhniqin.exe [282624 2014-04-02] ()
HKU\S-1-5-21-2630256319-3024140862-959217918-1000\...\MountPoints2: {ba164b09-a36e-11e3-a2f6-2cd4448fb45c} - E:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://landumhollabrunn.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
SearchScopes: HKCU - {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

==================== Services (Whitelisted) =================

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-24] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 14:27 - 2014-04-02 14:27 - 00011938 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-02 14:26 - 2014-04-02 14:27 - 00000000 ____D () C:\FRST
2014-04-02 14:11 - 2014-04-02 14:10 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-02 11:49 - 2014-04-02 11:49 - 00000000 ____D () C:\ProgramData\fvan
2014-04-02 11:48 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\onlr
2014-04-02 11:48 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\exgn
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:49 - 2014-03-31 10:52 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 14:37 - 2014-03-27 14:39 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:16 - 2014-03-27 16:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-27 14:15 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 14:15 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 14:15 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 09:53 - 2014-03-26 09:54 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:32 - 2014-03-21 09:33 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-14 09:18 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 09:18 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 09:18 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 09:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 09:18 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 09:18 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 09:18 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 09:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 09:18 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 09:18 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 09:18 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 09:18 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 09:18 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 09:18 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 09:18 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 09:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 09:18 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 09:17 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 09:17 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 09:17 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 09:17 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 09:17 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 09:17 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 09:17 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 09:17 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 09:17 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 09:17 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 09:17 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 09:17 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 09:17 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 09:17 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 09:51 - 2014-04-02 13:52 - 00000000 ____D () C:\ProgramData\jsivebom
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
2014-03-04 10:11 - 2014-03-04 10:11 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\U3
2014-03-04 09:32 - 2014-03-04 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B9198B65-E25C-4179-9469-F981ABFCE385}
2014-03-03 09:43 - 2014-03-03 09:43 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{24C7B322-0E08-4D28-AE7A-889AFAB80133}

==================== One Month Modified Files and Folders =======

2014-04-02 14:27 - 2014-04-02 14:27 - 00011938 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-02 14:27 - 2014-04-02 14:26 - 00000000 ____D () C:\FRST
2014-04-02 14:26 - 2009-07-14 06:51 - 00084185 _____ () C:\Windows\setupact.log
2014-04-02 14:10 - 2014-04-02 14:11 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 14:05 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 14:05 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 13:55 - 2012-01-06 19:54 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-02 13:55 - 2012-01-06 19:54 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-02 13:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 13:54 - 2013-04-05 11:59 - 01073370 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 13:52 - 2014-03-11 09:51 - 00000000 ____D () C:\ProgramData\jsivebom
2014-04-02 13:52 - 2014-01-28 10:37 - 00000000 ____D () C:\ProgramData\Sun
2014-04-02 13:52 - 2013-07-15 10:27 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\FreePDF_XP
2014-04-02 13:52 - 2013-04-05 12:25 - 00000000 ____D () C:\Users\landumhollabrunn\Documents\Youcam
2014-04-02 13:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 13:29 - 2013-09-02 09:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-02 11:49 - 2014-04-02 11:49 - 00000000 ____D () C:\ProgramData\fvan
2014-04-02 11:48 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\onlr
2014-04-02 11:48 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\exgn
2014-04-02 11:41 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn
2014-04-02 11:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:52 - 2014-03-31 10:49 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 16:10 - 2014-03-27 14:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:39 - 2014-03-27 14:37 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-27 09:54 - 2013-04-17 10:59 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\CrashDumps
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 10:33 - 2013-04-08 09:45 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-26 09:54 - 2014-03-26 09:53 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:33 - 2014-03-21 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 11:20 - 2013-09-02 09:34 - 00000000 ____D () C:\Users\landumhollabrunn\.gimp-2.8
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 12:09 - 2009-07-14 06:45 - 00351552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 12:05 - 2013-04-08 09:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 11:29 - 2013-09-02 09:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:29 - 2013-04-08 13:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:29 - 2013-04-08 13:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 10:52 - 2013-01-20 15:59 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 12:15 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Windows Live
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 10:26 - 2014-03-27 14:15 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-27 14:15 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-27 14:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
2014-03-04 10:11 - 2014-03-04 10:11 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\U3
2014-03-04 09:32 - 2014-03-04 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B9198B65-E25C-4179-9469-F981ABFCE385}
2014-03-03 09:43 - 2014-03-03 09:43 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{24C7B322-0E08-4D28-AE7A-889AFAB80133}

Some content of TEMP:
====================
C:\Users\landumhollabrunn\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\landumhollabrunn\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by landumhollabrunn at 2014-04-02 14:27:45
Running from C:\Users\landumhollabrunn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1521 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.1521 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
DeskUpdate 4.12 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.12.0088 - Fujitsu Technology Solutions)
ELBA5 (C:\Program Files (x86)\ELBA5) (HKLM-x32\...\ELBA5 (C:_Program Files (x86)_ELBA5)) (Version: 5.0.0.0 - RACON Software GmbH)
ELBA5 (C:\Program Files (x86)\ELBA5_neu) (HKLM-x32\...\ELBA5 (C:_Program Files (x86)_ELBA5_neu)) (Version: 5.0.0.0 - RACON Software GmbH)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-03-2014 07:50:46 Windows Update
06-03-2014 08:32:29 Windows Update
10-03-2014 07:26:05 Windows Update
14-03-2014 07:19:57 Windows Update
14-03-2014 10:01:33 Windows Update
19-03-2014 08:38:26 Windows Update
24-03-2014 07:25:20 Windows Update
26-03-2014 08:32:25 Windows Update
31-03-2014 07:09:46 Windows Update
02-04-2014 09:29:07 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1B77CFBE-197B-449F-A6E9-17F642460D22} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1F4E1AA7-4F37-4F9F-B8C9-704DDD15D852} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {5F524DC6-1EAF-476B-A379-4105987E1F46} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {95C9326D-A1B9-485B-9A65-24F03D12C2AB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {A721E6DB-106D-4E96-A91B-41B3C63065BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {F8F95A7B-DE68-4892-879D-DC40042AAC43} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-07-09 12:20 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-02-08 02:59 - 2012-01-18 08:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-05 12:21 - 2011-12-16 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 01:51:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 01:23:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 00:04:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:41:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:37:05 AM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x8000ffff.

Error: (04/02/2014 11:36:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:32:59 AM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x8000ffff.

Error: (04/02/2014 11:32:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 10:37:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 08:44:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/02/2014 01:52:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/02/2014 01:09:49 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/02/2014 00:56:40 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.243
registriert werden. Der Computer mit IP-Adresse 192.168.0.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/02/2014 00:44:29 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.243
registriert werden. Der Computer mit IP-Adresse 192.168.0.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/02/2014 00:33:41 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SM23",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6B7B8B0A-450B-41A6-BB84-87FFF110A836}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 00:20:02 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.243
registriert werden. Der Computer mit IP-Adresse 192.168.0.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/02/2014 00:07:49 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.243
registriert werden. Der Computer mit IP-Adresse 192.168.0.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/02/2014 11:57:15 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/02/2014 11:54:50 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 20. Der interne Fehlerstatus lautet: 960.

Error: (04/02/2014 11:54:50 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 20. Der interne Fehlerstatus lautet: 960.


Microsoft Office Sessions:
=========================
Error: (04/02/2014 01:51:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 01:23:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 00:04:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:41:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:37:05 AM) (Source: System Restore)(User: )
Description: Windows Update0x8000ffff

Error: (04/02/2014 11:36:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:32:59 AM) (Source: System Restore)(User: )
Description: Windows Update0x8000ffff

Error: (04/02/2014 11:32:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 10:37:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 08:44:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-02 14:25:55.133
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 13:52:14.388
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 13:23:58.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 13:07:54.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 12:04:44.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 11:42:04.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 11:37:16.774
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 11:33:12.657
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 11:24:07.635
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-02 10:37:32.118
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3949.63 MB
Available physical RAM: 2437.12 MB
Total Pagefile: 7897.43 MB
Available Pagefile: 6283.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:448.75 GB) (Free:401.15 GB) NTFS
Drive e: (Transcend) (Removable) (Total:3.75 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8755606)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 02.04.2014, 16:49   #4
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen,

danke, dann machen wir so weiter:

Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Alt 03.04.2014, 09:42   #5
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Combofix:
"Heutiges Datum ist 2014-04-03. Combofix ist abgelaufen
Klicke 'Ja' um ComboFix in reduzierter Funktionalität auszuführen
Klicke 'Nein' umd ComboFix zu beenden."

Ich klicke 'Ja' - das Fenster geht zu, die combofix.exe verschwindet vom Desktop, keine weitere Funktion, kein log.

Er tuts doch! Combofix mag sich nicht gerne per USB-Stick herum tragen lassen. Hatte den infizierten Rechner vom Netz genommen. Jetzt ist er mit Breitband-Stick online und Combofix direkt heruntergeladen - läuft.

Code:
ATTFilter
ComboFix 14-03-24.01 - landumhollabrunn 03.04.2014   8:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3950.2145 [GMT 2:00]
ausgeführt von:: c:\users\landumhollabrunn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\exgn\enoredod.exe
c:\programdata\fvan\avhniqin.exe
c:\programdata\onlr\orudojuj.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-03 bis 2014-04-03  ))))))))))))))))))))))))))))))
.
.
2014-04-03 07:08 . 2014-04-03 07:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-03 07:07 . 2014-04-03 07:07	--------	d-----w-	c:\programdata\tlwj
2014-04-02 14:48 . 2014-04-02 14:48	--------	d-----w-	c:\users\landumhollabrunn\AppData\Roaming\Sierra Wireless
2014-04-02 14:48 . 2014-04-02 14:57	--------	d-----w-	c:\users\landumhollabrunn\AppData\Roaming\TAG
2014-04-02 14:48 . 2011-08-16 19:47	223232	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2014-04-02 14:48 . 2014-04-02 14:48	--------	d-----w-	c:\program files (x86)\A1 Dashboard
2014-04-02 14:14 . 2014-04-02 14:14	--------	d-----w-	c:\users\landumhollabrunn\AppData\Roaming\Vodafone
2014-04-02 14:11 . 2014-04-02 14:43	--------	d-----w-	c:\programdata\Vodafone
2014-04-02 14:10 . 2014-04-02 14:10	--------	d-----w-	c:\programdata\FLEXnet
2014-04-02 14:09 . 2014-04-02 14:09	--------	d-----w-	c:\users\landumhollabrunn\AppData\Local\Downloaded Installations
2014-04-02 13:50 . 2007-03-21 17:46	23424	----a-w-	c:\windows\SysWow64\drivers\ewdcsc.sys
2014-04-02 13:50 . 2007-03-21 17:46	101120	----a-w-	c:\windows\SysWow64\drivers\ewusbmdm.sys
2014-04-02 13:49 . 2014-04-02 13:49	--------	d-----w-	c:\program files (x86)\Huawei technologies
2014-04-02 13:48 . 2004-10-22 00:16	180224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-04-02 13:48 . 2004-10-22 00:18	749568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-04-02 13:48 . 2004-10-22 00:17	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-04-02 13:48 . 2004-10-22 00:17	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-04-02 13:48 . 2004-10-22 00:16	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-04-02 13:47 . 2014-04-02 13:47	323716	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-04-02 13:47 . 2014-04-02 13:47	192644	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-04-02 12:26 . 2014-04-02 12:28	--------	d-----w-	C:\FRST
2014-04-02 09:49 . 2014-04-03 07:07	--------	d-----w-	c:\programdata\fvan
2014-04-02 09:48 . 2014-04-03 07:07	--------	d-----w-	c:\programdata\onlr
2014-04-02 09:48 . 2014-04-03 07:07	--------	d-----w-	c:\programdata\exgn
2014-04-02 08:58 . 2014-02-21 07:51	1031560	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EEDFDD3-C3C5-4CAC-9F4D-3E65FF4B497F}\gapaengine.dll
2014-04-02 08:50 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8BA923B-3634-4EA4-B10E-C4805335950A}\mpengine.dll
2014-03-31 07:10 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-27 12:37 . 2014-03-27 12:39	--------	d-----w-	C:\AdwCleaner
2014-03-27 12:16 . 2014-04-02 14:58	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 12:15 . 2014-03-27 12:15	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-27 12:15 . 2014-03-27 12:15	--------	d-----w-	c:\users\landumhollabrunn\AppData\Local\Programs
2014-03-27 12:14 . 2014-04-02 14:46	--------	d-----w-	C:\Downloads
2014-03-14 07:17 . 2014-03-01 05:08	7211520	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2014-03-14 07:16 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-14 07:16 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-14 07:16 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-14 07:16 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 07:51 . 2014-04-03 05:35	--------	d-----w-	c:\programdata\jsivebom
2014-03-04 08:11 . 2014-03-04 08:11	--------	d-----w-	c:\users\landumhollabrunn\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 09:29 . 2013-04-08 11:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 09:29 . 2013-04-08 11:42	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 08:52 . 2013-01-20 13:59	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:51 . 2013-04-25 07:05	1031560	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-28 08:37 . 2014-01-28 08:37	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 00:19 . 2014-01-25 00:19	268512	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:33 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ubomubqm"="c:\programdata\tlwj\inaqinwq.exe" [2014-04-03 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-06 291608]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2012-03-21 255208]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TAG_A1Dashboard_Launcher.exe"="c:\program files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe" [2013-07-03 531000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\lcStarter.exe [2012-1-19 21504]
newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2012-1-25 931096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 FUJ02E3Service;FUJ02E3Service;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 TAG_Service;A1 Dashboard Service;c:\program files (x86)\A1 Dashboard\A1Dashboard_Service.exe;c:\program files (x86)\A1 Dashboard\A1Dashboard_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 09:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-12-20 589176]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\fuj02e3.exe" [2011-11-24 76104]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-10-03 205168]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2011-10-01 158024]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2011-10-01 23368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://landumhollabrunn.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-erurodej - c:\programdata\onlr\orudojuj.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-03  09:22:23
ComboFix-quarantined-files.txt  2014-04-03 07:22
.
Vor Suchlauf: 13 Verzeichnis(se), 428.966.244.352 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 431.049.072.640 Bytes frei
.
- - End Of File - - C12C71379FC584CC3528225EE26DCEB8
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by landumhollabrunn (administrator) on LANDUMHOLLABRUN on 03-04-2014 10:38:48
Running from C:\Users\landumhollabrunn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TAG_A1Dashboard_Launcher.exe] - C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe [531000 2013-07-03] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2630256319-3024140862-959217918-1000\...\Run: [ubomubqm] - C:\ProgramData\tlwj\inaqinwq.exe [282624 2014-04-03] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://landumhollabrunn.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
SearchScopes: HKCU - {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\..\Interfaces\{0505D1E1-F888-4885-A0EE-12748D60855D}: [NameServer]194.48.139.254 194.48.128.199

==================== Services (Whitelisted) =================

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-24] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 TAG_Service; C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe [510520 2013-07-03] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-01-06] (Microsoft Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [101120 2007-03-21] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-28] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 10:38 - 2014-04-03 10:38 - 00011697 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-03 09:22 - 2014-04-03 09:22 - 00021956 _____ () C:\ComboFix.txt
2014-04-03 09:07 - 2014-04-03 09:07 - 00000000 ____D () C:\ProgramData\tlwj
2014-04-03 08:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-03 08:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-03 08:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-03 07:59 - 2014-04-03 07:59 - 05192353 ____R (Swearware) C:\Users\landumhollabrunn\Desktop\ComboFix.exe
2014-04-02 17:14 - 2014-04-03 09:22 - 00000000 ____D () C:\Qoobox
2014-04-02 17:13 - 2014-04-03 09:20 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 16:59 - 2014-04-02 16:09 - 01426178 _____ () C:\Users\landumhollabrunn\Desktop\adwcleaner.exe
2014-04-02 16:48 - 2014-04-02 16:57 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\TAG
2014-04-02 16:48 - 2014-04-02 16:48 - 00001974 _____ () C:\Users\Public\Desktop\A1 Dashboard.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Sierra Wireless
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files (x86)\A1 Dashboard
2014-04-02 16:48 - 2011-08-16 21:47 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-04-02 16:17 - 2014-04-02 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-04-02 16:14 - 2014-04-02 16:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Vodafone
2014-04-02 16:12 - 2014-04-02 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-04-02 16:11 - 2014-04-02 16:43 - 00000000 ____D () C:\ProgramData\Vodafone
2014-04-02 16:11 - 2014-04-02 16:11 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\export_Wein
2014-04-02 16:10 - 2014-04-02 16:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-02 16:09 - 2014-04-02 16:09 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Downloaded Installations
2014-04-02 15:50 - 2007-03-21 19:46 - 00101120 _____ (Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\Drivers\ewusbmdm.sys
2014-04-02 15:50 - 2007-03-21 19:46 - 00023424 _____ (Huawei Tech. Co., Ltd.) C:\Windows\SysWOW64\Drivers\ewdcsc.sys
2014-04-02 15:49 - 2014-04-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Huawei technologies
2014-04-02 14:26 - 2014-04-03 10:38 - 00000000 ____D () C:\FRST
2014-04-02 14:11 - 2014-04-02 14:10 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-02 11:49 - 2014-04-03 09:07 - 00000000 ____D () C:\ProgramData\fvan
2014-04-02 11:48 - 2014-04-03 09:07 - 00000000 ____D () C:\ProgramData\onlr
2014-04-02 11:48 - 2014-04-03 09:07 - 00000000 ____D () C:\ProgramData\exgn
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:49 - 2014-03-31 10:52 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 14:37 - 2014-03-27 14:39 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:16 - 2014-04-02 16:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 09:53 - 2014-03-26 09:54 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:32 - 2014-03-21 09:33 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-14 09:18 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 09:18 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 09:18 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 09:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 09:18 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 09:18 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 09:18 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 09:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 09:18 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 09:18 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 09:18 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 09:18 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 09:18 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 09:18 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 09:18 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 09:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 09:18 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 09:17 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 09:17 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 09:17 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 09:17 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 09:17 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 09:17 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 09:17 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 09:17 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 09:17 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 09:17 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 09:17 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 09:17 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 09:17 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 09:17 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 09:51 - 2014-04-03 07:35 - 00000000 ____D () C:\ProgramData\jsivebom
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
2014-03-04 10:11 - 2014-03-04 10:11 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\U3
2014-03-04 09:32 - 2014-03-04 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B9198B65-E25C-4179-9469-F981ABFCE385}

==================== One Month Modified Files and Folders =======

2014-04-03 10:38 - 2014-04-03 10:38 - 00011697 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-03 10:38 - 2014-04-02 14:26 - 00000000 ____D () C:\FRST
2014-04-03 10:29 - 2013-09-02 09:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 09:22 - 2014-04-03 09:22 - 00021956 _____ () C:\ComboFix.txt
2014-04-03 09:22 - 2014-04-02 17:14 - 00000000 ____D () C:\Qoobox
2014-04-03 09:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-03 09:20 - 2014-04-02 17:13 - 00000000 ____D () C:\Windows\erdnt
2014-04-03 09:19 - 2013-04-05 11:59 - 01109539 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 09:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-03 09:07 - 2014-04-03 09:07 - 00000000 ____D () C:\ProgramData\tlwj
2014-04-03 09:07 - 2014-04-02 11:49 - 00000000 ____D () C:\ProgramData\fvan
2014-04-03 09:07 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\onlr
2014-04-03 09:07 - 2014-04-02 11:48 - 00000000 ____D () C:\ProgramData\exgn
2014-04-03 07:59 - 2014-04-03 07:59 - 05192353 ____R (Swearware) C:\Users\landumhollabrunn\Desktop\ComboFix.exe
2014-04-03 07:54 - 2012-01-06 19:54 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 07:54 - 2012-01-06 19:54 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 07:54 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 07:41 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 07:41 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 07:36 - 2013-04-05 12:25 - 00000000 ____D () C:\Users\landumhollabrunn\Documents\Youcam
2014-04-03 07:35 - 2014-03-11 09:51 - 00000000 ____D () C:\ProgramData\jsivebom
2014-04-03 07:35 - 2014-01-28 10:37 - 00000000 ____D () C:\ProgramData\Sun
2014-04-03 07:35 - 2013-07-15 10:27 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\FreePDF_XP
2014-04-03 07:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 07:33 - 2009-07-14 06:51 - 00087015 _____ () C:\Windows\setupact.log
2014-04-02 16:58 - 2014-03-27 14:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 16:57 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\TAG
2014-04-02 16:48 - 2014-04-02 16:48 - 00001974 _____ () C:\Users\Public\Desktop\A1 Dashboard.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Sierra Wireless
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files (x86)\A1 Dashboard
2014-04-02 16:45 - 2013-04-05 12:01 - 00090136 _____ () C:\Users\landumhollabrunn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-02 16:44 - 2009-07-14 06:45 - 00351552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 16:43 - 2014-04-02 16:11 - 00000000 ____D () C:\ProgramData\Vodafone
2014-04-02 16:17 - 2014-04-02 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-04-02 16:14 - 2014-04-02 16:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Vodafone
2014-04-02 16:12 - 2014-04-02 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-04-02 16:11 - 2014-04-02 16:11 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\export_Wein
2014-04-02 16:10 - 2014-04-02 16:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-02 16:09 - 2014-04-02 16:59 - 01426178 _____ () C:\Users\landumhollabrunn\Desktop\adwcleaner.exe
2014-04-02 16:09 - 2014-04-02 16:09 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Downloaded Installations
2014-04-02 15:49 - 2014-04-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Huawei technologies
2014-04-02 15:49 - 2012-03-02 20:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 14:10 - 2014-04-02 14:11 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-02 11:41 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn
2014-04-02 11:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:52 - 2014-03-31 10:49 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 14:39 - 2014-03-27 14:37 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 09:54 - 2013-04-17 10:59 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\CrashDumps
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 10:33 - 2013-04-08 09:45 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-26 09:54 - 2014-03-26 09:53 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:33 - 2014-03-21 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 11:20 - 2013-09-02 09:34 - 00000000 ____D () C:\Users\landumhollabrunn\.gimp-2.8
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 12:05 - 2013-04-08 09:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 11:29 - 2013-09-02 09:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:29 - 2013-04-08 13:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:29 - 2013-04-08 13:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 10:52 - 2013-01-20 15:59 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 12:15 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Windows Live
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
2014-03-04 10:11 - 2014-03-04 10:11 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\U3
2014-03-04 09:32 - 2014-03-04 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B9198B65-E25C-4179-9469-F981ABFCE385}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 03.04.2014, 20:31   #6
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen,

wir müssen da noch mal etwas manuell löschen.

Schritt 1
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
    c:\programdata\fvan
    c:\programdata\onlr
    c:\programdata\exgn
    c:\programdata\jsivebom
    c:\programdata\tlwj
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ubomubqm"=-
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!



Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
--> Hesperbot nach Telebanking

Alt 04.04.2014, 08:39   #7
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Code:
ATTFilter
ComboFix 14-04-03.01 - landumhollabrunn 04.04.2014   7:55.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3950.2353 [GMT 2:00]
ausgeführt von:: c:\users\landumhollabrunn\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\landumhollabrunn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\exgn
c:\programdata\fvan
c:\programdata\Imac
c:\programdata\jsivebom
c:\programdata\jsivebom\axajesil.dat
c:\programdata\jsivebom\hqusyqat.dat
c:\programdata\jsivebom\imavupok.dat
c:\programdata\jsivebom\irymazil.dat
c:\programdata\jsivebom\isazyghd.dat
c:\programdata\jsivebom\kkegktas.dat
c:\programdata\jsivebom\ojexibik.dat
c:\programdata\jsivebom\yzepikad.dat
c:\programdata\onlr
c:\programdata\tlwj
c:\programdata\ubot
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-04 bis 2014-04-04  ))))))))))))))))))))))))))))))
.
.
2014-04-04 07:05 . 2014-04-04 07:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-04 05:36 . 2014-04-04 05:36	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8FA783C-8CE3-42DF-B07B-A8426042EFA2}\offreg.dll
2014-04-04 05:35 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8FA783C-8CE3-42DF-B07B-A8426042EFA2}\mpengine.dll
2014-04-03 13:36 . 2014-04-03 13:36	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 13:36 . 2014-03-05 07:26	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-03 13:36 . 2014-03-05 07:26	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:36 . 2014-03-05 07:26	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-03 13:25 . 2014-04-03 13:27	--------	d-----w-	c:\programdata\icuf
2014-04-03 13:25 . 2014-04-03 13:25	--------	d-----w-	c:\programdata\usjk
2014-04-03 13:24 . 2014-04-03 13:25	--------	d-----w-	c:\programdata\kghd
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\equg
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\exqr
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\imif
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\ynyp
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\objm
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\jjun
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\oqup
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\axaq
2014-04-03 13:24 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\alan
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\exuj
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\btaw
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\olep
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\ufjh
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\knaq
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\agyx
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\gmos
2014-04-03 13:22 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\xluv
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\ixaq
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\owut
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\ipix
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\iril
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\ekez
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\yjyl
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\uron
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\odpn
2014-04-03 13:21 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\ific
2014-04-03 13:20 . 2014-04-03 13:21	--------	d-----w-	c:\programdata\owef
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\yvid
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\jjoj
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\etow
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\uhut
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\oveg
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\ifyt
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\jxur
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\rdox
2014-04-03 13:20 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\yfim
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\aziw
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\yktk
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\ygix
2014-04-03 13:19 . 2014-04-03 13:25	--------	d-----w-	c:\programdata\okew
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\ycik
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\onex
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\oceb
2014-04-03 13:19 . 2014-04-03 13:19	--------	d-----w-	c:\programdata\upug
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\ywas
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\uqep
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\obot
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\usuk
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\ikam
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\lmob
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\araq
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\awtw
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\uvov
2014-04-03 13:18 . 2014-04-03 13:18	--------	d-----w-	c:\programdata\anap
2014-04-03 13:17 . 2014-04-03 13:17	--------	d-----w-	c:\programdata\ipyj
2014-04-03 13:17 . 2014-04-03 13:24	--------	d-----w-	c:\programdata\ujen
2014-04-03 13:17 . 2014-04-03 13:17	--------	d-----w-	c:\programdata\uned
2014-04-03 13:17 . 2014-04-03 13:17	--------	d-----w-	c:\programdata\vlep
2014-04-03 13:17 . 2014-04-03 13:17	--------	d-----w-	c:\programdata\akyt
2014-04-03 13:16 . 2014-04-03 13:17	--------	d-----w-	c:\programdata\axag
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\ebek
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\idal
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\uwut
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\avir
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\ekeh
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\utgh
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\ufub
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\ixav
2014-04-03 13:16 . 2014-04-03 13:22	--------	d-----w-	c:\programdata\ebum
2014-04-03 13:16 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\idav
2014-04-03 13:15 . 2014-04-03 13:16	--------	d-----w-	c:\programdata\ylyn
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\egep
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\ifzc
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\ugqg
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\ylij
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\okoz
2014-04-03 13:15 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\ofuh
2014-04-03 13:14 . 2014-04-03 13:15	--------	d-----w-	c:\programdata\ymaf
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\asih
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\unun
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\azah
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\ofoz
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\awib
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\azys
2014-04-03 13:14 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\otnh
2014-04-03 13:13 . 2014-04-03 13:14	--------	d-----w-	c:\programdata\lsom
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\oxun
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\enor
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\oxor
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\jnjn
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\bsbs
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\ugov
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\upol
2014-04-03 13:13 . 2014-04-03 13:13	--------	d-----w-	c:\programdata\hxil
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\ezjf
2014-04-03 13:12 . 2014-04-03 13:20	--------	d-----w-	c:\programdata\ohuf
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\oboc
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\jfgs
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\awih
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\dwqc
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\idyq
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\otlb
2014-04-03 13:12 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\ypin
2014-04-03 13:11 . 2014-04-03 13:12	--------	d-----w-	c:\programdata\fral
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\ydav
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\edur
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\qnex
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\inig
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\ekew
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\pron
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\erxr
2014-04-03 13:11 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\uvoq
2014-04-03 13:10 . 2014-04-03 13:11	--------	d-----w-	c:\programdata\akzk
2014-04-03 13:10 . 2014-04-03 13:10	--------	d-----w-	c:\programdata\knal
2014-04-03 13:10 . 2014-04-03 13:10	--------	d-----w-	c:\programdata\ewec
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 09:29 . 2013-04-08 11:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 09:29 . 2013-04-08 11:42	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 08:52 . 2013-01-20 13:59	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:51 . 2013-04-25 07:05	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-28 08:37 . 2014-01-28 08:37	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 00:19 . 2014-01-25 00:19	268512	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:33 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-06 291608]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2012-03-21 255208]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TAG_A1Dashboard_Launcher.exe"="c:\program files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe" [2013-07-03 531000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\lcStarter.exe [2012-1-19 21504]
newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2012-1-25 931096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 FUJ02E3Service;FUJ02E3Service;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 TAG_Service;A1 Dashboard Service;c:\program files (x86)\A1 Dashboard\A1Dashboard_Service.exe;c:\program files (x86)\A1 Dashboard\A1Dashboard_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 09:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-12-20 589176]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\fuj02e3.exe" [2011-11-24 76104]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-10-03 205168]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2011-10-01 158024]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2011-10-01 23368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://landumhollabrunn.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 20.20.20.2
TCP: Interfaces\{0505D1E1-F888-4885-A0EE-12748D60855D}: NameServer = 194.48.139.254 194.48.128.199
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-04  09:08:54
ComboFix-quarantined-files.txt  2014-04-04 07:08
.
Vor Suchlauf: 16 Verzeichnis(se), 431.969.820.672 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 431.556.599.808 Bytes frei
.
- - End Of File - - 1933647D0891DCEDD317EF48F0D0F9C5
         
ComboFix hat keine Meldungen gebracht, auch von einem Upload habe ich nichts gesehen.

frst.txt kann ich nicht posten, der Text ist zu lang.

Alt 04.04.2014, 09:02   #8
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen,

sehr gut. Das war richtig so.

Teile bitte das Log von FRST in mehrere Stücke und poste es dann in mehreren Beiträgen hier in deinen Thread.

Alt 04.04.2014, 09:29   #9
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



OK, ich teile.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by landumhollabrunn (administrator) on LANDUMHOLLABRUN on 04-04-2014 09:29:46
Running from C:\Users\landumhollabrunn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TAG_A1Dashboard_Launcher.exe] - C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe [531000 2013-07-03] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://landumhollabrunn.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
SearchScopes: HKCU - {19BF8574-BCDD-4FDB-90B2-115759B4B8FD} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0505D1E1-F888-4885-A0EE-12748D60855D}: [NameServer]194.48.139.254 194.48.128.199

==================== Services (Whitelisted) =================

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-24] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 TAG_Service; C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe [510520 2013-07-03] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-01-06] (Microsoft Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [101120 2007-03-21] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 09:29 - 2014-04-04 09:29 - 00012236 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-04 09:28 - 2014-04-04 09:28 - 00028228 _____ () C:\Users\landumhollabrunn\Desktop\ComboFix.txt
2014-04-04 09:08 - 2014-04-04 09:08 - 00028228 _____ () C:\ComboFix.txt
2014-04-04 07:49 - 2014-04-04 07:49 - 05193944 ____R (Swearware) C:\Users\landumhollabrunn\Desktop\ComboFix.exe
2014-04-03 15:36 - 2014-04-03 15:36 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 15:36 - 2014-04-03 15:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 15:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 15:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 15:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 15:25 - 2014-04-03 15:27 - 00000000 ____D () C:\ProgramData\icuf
2014-04-03 15:25 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\usjk
2014-04-03 15:24 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\kghd
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\ynyp
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\oqup
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\objm
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\jjun
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\imif
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\exqr
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\equg
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\axaq
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\alan
2014-04-03 15:23 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\uznm
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ysab
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhyw
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhys
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhis
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\xlug
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\uwum
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ipaj
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\inyv
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\engx
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ejed
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ahiw
2014-04-03 15:22 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\epuq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\xluv
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\ufjh
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\olep
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\knaq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\gmos
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\exuj
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\btaw
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\agyx
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\yjyl
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\uron
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\owut
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\odpn
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ixaq
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\iril
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ipix
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ific
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ekez
2014-04-03 15:20 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\owef
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yvid
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yfim
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\uhut
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\rdox
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\oveg
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jxur
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jjoj
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\ifyt
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\etow
2014-04-03 15:19 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\okew
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\yktk
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ygix
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ycik
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\upug
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\onex
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\oceb
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\aziw
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ywas
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uvov
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\usuk
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uqep
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\obot
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\lmob
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ikam
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\awtw
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\araq
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\anap
2014-04-03 15:17 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\ujen
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\vlep
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\uned
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ipyj
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\akyt
2014-04-03 15:16 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\ebum
2014-04-03 15:16 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\axag
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\uwut
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\utgh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ufub
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ixav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idal
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ekeh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ebek
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\avir
2014-04-03 15:15 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ylyn
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ylij
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ugqg
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\okoz
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ofuh
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ifzc
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\egep
2014-04-03 15:14 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ymaf
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\unun
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\otnh
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ofoz
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azys
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azah
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\awib
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\asih
2014-04-03 15:13 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\lsom
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\upol
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\ugov
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxun
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\jnjn
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\hxil
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\enor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\bsbs
2014-04-03 15:12 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\ohuf
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ypin
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\otlb
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\oboc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\jfgs
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\idyq
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ezjf
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\dwqc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\awih
2014-04-03 15:11 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\fral
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ydav
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\uvoq
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\qnex
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\pron
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\inig
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\erxr
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ekew
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\edur
2014-04-03 15:10 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\akzk
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\yfyt
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulqp
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulov
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\knal
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\isiw
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ewec
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\apir
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\agax
2014-04-03 15:09 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\yvan
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ywyz
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ugug
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\opeg
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ipyd
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\erjx
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\dbot
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\akak
2014-04-03 15:08 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\ozet
2014-04-03 15:08 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ujoj
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\yfat
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ufeh
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ofeb
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\lsek
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\iqyr
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ilbn
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\icyk
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adtv
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adfg
2014-04-03 15:07 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\asyw
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yzsz
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ywiw
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yril
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ypkx
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ygan
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\udnd
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\amim
2014-04-03 15:06 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\efos
2014-04-03 15:06 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\upop
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ywiz
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\odor
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\iryv
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\edgd
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\akkf
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\abaw
2014-04-03 15:05 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\orej
2014-04-03 15:05 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ygyj
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uzuc
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uror
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\umps
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\qwet
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\jjon
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ilad
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ijiv
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\anmv
2014-04-03 15:04 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\aryp
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\uxoj
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\omuw
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\obum
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jlol
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jkez
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\exux
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\djud
2014-04-03 15:03 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ykam
2014-04-03 15:03 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\olev
2014-04-03 15:03 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\ajig
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ylaj
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ykaf
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\uhum
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\osoc
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\egug
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\aryg
2014-04-03 15:02 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ecuw
2014-04-03 15:02 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\lzec
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\opjl
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ndur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\kzas
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\iraq
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\erur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\azyh
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asaw
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asas
2014-04-03 15:01 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\acac
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ywss
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\oqpp
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\okgw
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ogug
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ofow
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\jteb
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\izah
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\igar
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ejqd
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\egll
2014-04-03 15:00 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\izyw
2014-04-03 15:00 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\yfic
2014-04-03 15:00 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\zhis
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\uvuv
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ifyc
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\evop
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\esef
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ejon
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ahys
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\acyt
2014-04-03 14:59 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\icic
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ytat
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ygij
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uvel
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uveg
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uhok
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\udxr
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\oded
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\bcik
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\awyw
2014-04-03 14:58 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\etus
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ytyf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ycac
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\qzef
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ohjf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ivbx
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\dlog
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\avmn
2014-04-03 14:57 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\odod
2014-04-03 14:57 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ojdn
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\yfkk
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\pzoc
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\otos
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\hmim
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\epog
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ebec
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\avyj
2014-04-03 14:56 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\ehem
2014-04-03 14:56 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ulug
2014-04-03 14:56 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ydip
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ugog
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ivij
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\evel
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\emez
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ebrt
2014-04-03 14:55 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ywaw
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\uruj
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\unpd
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\odox
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\obuf
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\izmw
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\enqn
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\azih
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\atif
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\agar
2014-04-03 14:54 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ehot
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ygax
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\itif
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\isib
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\imat
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\exen
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\emoh
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\aril
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\afak
2014-04-03 14:53 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ityk
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\vsut
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ogov
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\icak
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ezdc
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\agyj
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\afyt
2014-04-03 14:52 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ozum
2014-04-03 14:52 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ofob
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ymak
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\usek
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\uluv
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\smac
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ozjt
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ilax
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\igax
2014-04-03 14:51 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\omow
2014-04-03 14:51 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\esec
2014-04-03 14:51 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\hhyh
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\wmit
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\utew
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\orun
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\oquv
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\jfus
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\ixiq
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\efqh
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\axal
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\asys
2014-04-03 14:50 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\bxal
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\yzih
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\xklh
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\usef
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ozuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ijig
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\idip
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\esuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ehuf
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\agij
2014-04-03 14:49 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\awaz
2014-04-03 14:49 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\ywah
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ykwf
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otuw
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otew
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\opul
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ollg
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\isah
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\icam
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\epep
2014-04-03 14:48 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\emeb
2014-04-03 14:48 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\eduj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yzah
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yvyj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\tfit
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\shis
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ipin
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ihyw
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\exoj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\chys
2014-04-03 14:47 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\oqep
2014-04-03 14:47 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otow
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\yxiq
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\ysyw
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\oxex
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\lzoc
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\iqyd
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\gcuz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\fwyz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\acif
2014-04-03 14:46 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\ehuc
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\utub
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\upep
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\unox
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ubjm
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\oxej
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\omoz
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ohuc
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\mqsd
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\isyh
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\agyr
2014-04-03 14:45 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ydyq
2014-04-03 14:45 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\fvir
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\yzas
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ynil
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\utak
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\urej
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\tcat
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ifim
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ibaz
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\asab
2014-04-03 14:44 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ycym
2014-04-03 14:44 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ajyq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uqlq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uguq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\olgq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ihyb
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\hsiz
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ewoc
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ajip
2014-04-03 14:43 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\adig
2014-04-03 14:43 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\inal
2014-04-03 14:43 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ahih
2014-04-03 14:43 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\iftc
2014-04-03 14:43 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\atit
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ydyv
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\upuq
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\olul
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\okeb
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\esdt
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\aqyj
2014-04-03 14:42 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yjiv
2014-04-03 14:42 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ozof
2014-04-03 14:42 - 2014-04-03 14:43 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Mails
2014-04-03 14:42 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\yntp
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ypij
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ygyx
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\owof
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\inyl
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ewjm
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\etuh
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arkv
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arcg
2014-04-03 14:41 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ufob
2014-04-03 14:41 - 2014-04-03 14:42 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8659CC7B-74B5-47E7-B1DC-1CB395F008D5}
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ykyc
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\yjag
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\uqpp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\orex
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\kfat
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\igmd
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ibah
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\epdp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\enun
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ejod
2014-04-03 14:40 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ifym
2014-04-03 14:40 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ipij
2014-04-03 14:40 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\igij
2014-04-03 14:40 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\jder
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yxaq
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yfif
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ovlg
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nmuw
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nboc
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\iqar
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\afyf
2014-04-03 14:39 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ifyf
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ydap
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ycyc
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ufuh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ubum
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\scit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\otoh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ogup
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\odur
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\icit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\eqoq
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\afaf
2014-04-03 14:38 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ohoc
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ynaq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ylyr
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\vdox
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\umos
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uloq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uhec
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\sxiq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\omob
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\iryg
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ipyx
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\anbl
2014-04-03 14:37 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ilsx
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\yxig
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ykyk
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\upjl
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\twys
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\pgvq
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwyz
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwih
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\etub
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\emuw
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\bdyl
2014-04-03 14:36 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\ufow
2014-04-03 14:36 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ykyf
2014-04-03 14:36 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\epoq
2014-04-03 14:36 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ilyn
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\uwok
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\upul
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\owgk
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\otus
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ofeh
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ekus
2014-04-03 14:35 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ikac
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ykim
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uxur
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\urjx
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uqol
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\unqn
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uhoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\kbts
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ifit
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ezoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ewut
2014-04-03 14:34 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\ewof
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ugup
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\udex
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\opeq
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\inyg
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ikak
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezrf
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezom
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\edud
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\asyb
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ahib
2014-04-03 14:33 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\erox
2014-04-03 14:33 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\otqz
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\zvyj
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ytac
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opuq
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opel
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ixag
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ahiz
2014-04-03 14:32 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\ohef
2014-04-03 14:32 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ackt
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\yrap
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\uwoc
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\iziz
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\imik
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\igyj
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\hxag
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\awab
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\arip
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\adap
2014-04-03 14:31 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\erux
2014-04-03 14:31 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\awas
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ubok
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\orux
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ohof
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ifaf
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\idzq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ecrs
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ajiq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\acik
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\abih
2014-04-03 14:30 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ajag
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\wbyh
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ssss
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ojux
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\obok
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\lxvn
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\inyp
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ihih
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afyc
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afac
2014-04-03 14:29 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\afik
2014-04-03 14:29 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\utoz
2014-04-03 14:29 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\uduj
2014-04-03 14:29 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ewuk
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\yfyc
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xxon
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xkes
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\vnpd
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\tbys
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\oxux
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\ewem
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\aksc
2014-04-03 14:28 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\amic
2014-04-03 14:28 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\owok
2014-04-03 14:28 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\udjj
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydiq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydcq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\udur
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ivmn
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\idiv
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\etoh
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\amyc
2014-04-03 14:27 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ylad
2014-04-03 14:27 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\uxod
2014-04-03 14:27 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ybyb
2014-04-03 14:27 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\uhof
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\yhiw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ybmw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\usot
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\mwaw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\epop
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\aryq
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\adyv
2014-04-03 14:26 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ymam
2014-04-03 14:26 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ebuk
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\yvax
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\uxdx
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\umes
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ohgt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\jhok
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ivsj
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ikmt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\idyp
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\dwem
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ajsv
2014-04-03 14:25 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\egup
2014-04-03 14:25 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ebuc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\uqeg
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\unex
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\udud
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\oqqv
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\izyz
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\iriq
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\imit
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\hcyc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\edon
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\afif
2014-04-03 14:24 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\eset
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\yziw
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\uxox
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\tlan
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ored
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\opug
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ityf
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\epul
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\eguq
2014-04-03 14:23 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\yxip
2014-04-03 14:23 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ylin
2014-04-03 14:23 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\otez
2014-04-03 14:23 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\oleg
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\wjav
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\uhdm
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ovog
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ohrk
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ibts
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\anyp
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ajiv
2014-04-03 14:22 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\jfew
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\wnyl
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\unur
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\pdex
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\kzab
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\inip
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\eqeq
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\epug
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\atff
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\asis
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\ashh
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\adal
2014-04-03 14:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ejen
2014-04-03 14:21 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\udon
2014-04-03 14:21 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\egop
2014-04-03 14:21 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\upeg
2014-04-03 14:21 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\yzyh
2014-04-03 14:21 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\erdd
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\uvop
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\unor
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\pren
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\orgj
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ahas
2014-04-03 14:20 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\ozoc
2014-04-03 14:20 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ydig
2014-04-03 14:20 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\yrav
2014-04-03 14:20 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ebef
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ytaf
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\unoj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\tpaj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\slir
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\jqug
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ikif
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\fhaw
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ahis
2014-04-03 14:19 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\yjil
2014-04-03 14:19 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\otob
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sryp
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sdyg
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\qzum
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\iwib
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ivwr
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilyx
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilix
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dxrd
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dmes
2014-04-03 14:18 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ikic
2014-04-03 14:18 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\asib
2014-04-03 14:18 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uxed
2014-04-03 14:18 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ejoj
2014-04-03 14:18 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ppug
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\usok
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\upev
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ogol
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ofrz
2014-04-03 14:17 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ydal
2014-04-03 14:17 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\bjiv
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\upeq
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\tmac
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\pzdc
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ozef
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ojed
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ksab
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\epov
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\eceh
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\amyk
2014-04-03 14:16 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ipid
2014-04-03 14:16 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\axil
2014-04-03 14:16 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ivix
2014-04-03 14:16 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ohot
2014-04-03 14:16 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\okes
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ujux
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ojox
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ilyr
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\efus
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\alix
2014-04-03 14:15 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\avaj
2014-04-03 14:15 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\yqaj
2014-04-03 14:15 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\iriv
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ynag
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ybis
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\vgoq
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ukez
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\udrr
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ucph
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ezrc
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ewed
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ebok
2014-04-03 14:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\upel
2014-04-03 14:14 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\icif
2014-04-03 14:14 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\eguv
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\yzis
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ysyb
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ujrj
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\qfus
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\pkrh
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\orud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\exud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\awiz
2014-04-03 14:13 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ecuh
2014-04-03 14:13 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ijag
2014-04-03 14:13 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ylir
2014-04-03 14:13 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\izis
2014-04-03 14:13 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ygar
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ypmj
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\wsaz
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ofew
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ewek
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\evog
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\eprv
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\anyv
2014-04-03 14:12 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ujor
2014-04-03 14:12 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\evov
2014-04-03 14:12 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\afym
2014-04-03 14:12 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\iwab
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ywib
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ugel
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\shaw
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\rjej
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ityt
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\epev
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\axyg
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\aqix
2014-04-03 14:11 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ujod
2014-04-03 14:11 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ykat
2014-04-03 14:11 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ezuf
2014-04-03 14:11 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\iwis
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\uzok
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ugeg
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\inhv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ewef
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\dded
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\awzs
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aryv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aqad
2014-04-03 14:10 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ylan
2014-04-03 14:10 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ihys
2014-04-03 14:10 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\epeg
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\skwf
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\oqop
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ojpx
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\idhg
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\fmkt
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ezec
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\elog
2014-04-03 14:09 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\udun
2014-04-03 14:09 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\yqir
2014-04-03 14:09 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\uvol
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\otoz
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\oklh
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ofes
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ocos
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\icyt
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ewum
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eveg
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eloq
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\aqax
2014-04-03 14:08 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\ijyl
2014-04-03 14:08 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ylix
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ubom
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ipir
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\efjh
2014-04-03 11:05 - 2014-04-03 11:05 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAC68900-655D-41C8-B222-3D2CFA1EC8E4}
2014-04-03 08:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-03 08:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-03 08:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-03 08:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-02 17:14 - 2014-04-04 09:08 - 00000000 ____D () C:\Qoobox
2014-04-02 17:13 - 2014-04-03 09:20 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 16:59 - 2014-04-02 16:09 - 01426178 _____ () C:\Users\landumhollabrunn\Desktop\adwcleaner.exe
2014-04-02 16:48 - 2014-04-02 16:57 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\TAG
2014-04-02 16:48 - 2014-04-02 16:48 - 00001974 _____ () C:\Users\Public\Desktop\A1 Dashboard.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Sierra Wireless
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files (x86)\A1 Dashboard
2014-04-02 16:48 - 2011-08-16 21:47 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-04-02 16:17 - 2014-04-02 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-04-02 16:14 - 2014-04-02 16:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Vodafone
2014-04-02 16:12 - 2014-04-02 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-04-02 16:11 - 2014-04-02 16:43 - 00000000 ____D () C:\ProgramData\Vodafone
2014-04-02 16:10 - 2014-04-02 16:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-02 16:09 - 2014-04-02 16:09 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Downloaded Installations
2014-04-02 15:50 - 2007-03-21 19:46 - 00101120 _____ (Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\Drivers\ewusbmdm.sys
2014-04-02 15:50 - 2007-03-21 19:46 - 00023424 _____ (Huawei Tech. Co., Ltd.) C:\Windows\SysWOW64\Drivers\ewdcsc.sys
2014-04-02 15:49 - 2014-04-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Huawei technologies
2014-04-02 14:26 - 2014-04-04 09:29 - 00000000 ____D () C:\FRST
2014-04-02 14:11 - 2014-04-02 14:10 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:49 - 2014-03-31 10:52 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 14:37 - 2014-03-27 14:39 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:16 - 2014-04-03 15:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 09:53 - 2014-03-26 09:54 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:32 - 2014-03-21 09:33 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-14 09:18 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 09:18 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 09:18 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 09:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 09:18 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 09:18 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 09:18 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 09:18 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 09:18 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 09:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 09:18 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 09:18 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 09:18 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 09:18 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 09:18 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 09:18 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 09:18 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 09:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 09:18 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 09:17 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 09:17 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 09:17 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 09:17 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 09:17 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 09:17 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 09:17 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 09:17 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 09:17 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 09:17 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 09:17 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 09:17 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 09:17 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 09:17 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 09:17 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 09:17 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 09:17 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 09:17 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 09:16 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
         

Alt 04.04.2014, 09:30   #10
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Code:
ATTFilter
==================== One Month Modified Files and Folders =======

2014-04-04 09:29 - 2014-04-04 09:29 - 00012236 _____ () C:\Users\landumhollabrunn\Desktop\FRST.txt
2014-04-04 09:29 - 2014-04-02 14:26 - 00000000 ____D () C:\FRST
2014-04-04 09:29 - 2013-09-02 09:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 09:28 - 2014-04-04 09:28 - 00028228 _____ () C:\Users\landumhollabrunn\Desktop\ComboFix.txt
2014-04-04 09:08 - 2014-04-04 09:08 - 00028228 _____ () C:\ComboFix.txt
2014-04-04 09:08 - 2014-04-02 17:14 - 00000000 ____D () C:\Qoobox
2014-04-04 09:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-04 08:11 - 2013-04-05 11:59 - 01184274 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 07:49 - 2014-04-04 07:49 - 05193944 ____R (Swearware) C:\Users\landumhollabrunn\Desktop\ComboFix.exe
2014-04-04 07:48 - 2012-01-06 19:54 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 07:48 - 2012-01-06 19:54 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 07:48 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 07:41 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 07:41 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 07:35 - 2013-04-05 12:25 - 00000000 ____D () C:\Users\landumhollabrunn\Documents\Youcam
2014-04-04 07:34 - 2013-07-15 10:27 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\FreePDF_XP
2014-04-04 07:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 07:33 - 2009-07-14 06:51 - 00087183 _____ () C:\Windows\setupact.log
2014-04-03 15:56 - 2013-04-17 10:59 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\CrashDumps
2014-04-03 15:37 - 2014-03-27 14:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 15:36 - 2014-04-03 15:36 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 15:36 - 2014-04-03 15:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 15:27 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\icuf
2014-04-03 15:25 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\usjk
2014-04-03 15:25 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\kghd
2014-04-03 15:25 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\okew
2014-04-03 15:25 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ozet
2014-04-03 15:25 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\yjil
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\ynyp
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\oqup
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\objm
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\jjun
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\imif
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\exqr
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\equg
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\axaq
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\alan
2014-04-03 15:24 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\uznm
2014-04-03 15:24 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ujen
2014-04-03 15:24 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ufow
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ysab
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhyw
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhys
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhis
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\xlug
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\uwum
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ipaj
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\inyv
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\engx
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ejed
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ahiw
2014-04-03 15:23 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\epuq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\xluv
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\ufjh
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\olep
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\knaq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\gmos
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\exuj
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\btaw
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\agyx
2014-04-03 15:22 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ebum
2014-04-03 15:22 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\oqep
2014-04-03 15:22 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ozoc
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\yjyl
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\uron
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\owut
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\odpn
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ixaq
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\iril
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ipix
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ific
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ekez
2014-04-03 15:21 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\owef
2014-04-03 15:21 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ozum
2014-04-03 15:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ejen
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yvid
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yfim
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\uhut
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\rdox
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\oveg
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jxur
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jjoj
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\ifyt
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\etow
2014-04-03 15:20 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ohuf
2014-04-03 15:20 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ehem
2014-04-03 15:20 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\udon
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\yktk
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ygix
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ycik
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\upug
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\onex
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\oceb
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\aziw
2014-04-03 15:19 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\asyw
2014-04-03 15:19 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\etus
2014-04-03 15:19 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ycym
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ywas
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uvov
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\usuk
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uqep
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\obot
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\lmob
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ikam
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\awtw
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\araq
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\anap
2014-04-03 15:18 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\efos
2014-04-03 15:18 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\omow
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\vlep
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\uned
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ipyj
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\akyt
2014-04-03 15:17 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\axag
2014-04-03 15:17 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ykam
2014-04-03 15:17 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\izyw
2014-04-03 15:17 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\emeb
2014-04-03 15:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ipid
2014-04-03 15:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\axil
2014-04-03 15:17 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ylan
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\uwut
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\utgh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ufub
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ixav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idal
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ekeh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ebek
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\avir
2014-04-03 15:16 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ylyn
2014-04-03 15:16 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ecuw
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ylij
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ugqg
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\okoz
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ofuh
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ifzc
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\egep
2014-04-03 15:15 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ymaf
2014-04-03 15:15 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\ywaw
2014-04-03 15:15 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\adig
2014-04-03 15:15 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ifym
2014-04-03 15:15 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ymam
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\unun
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\otnh
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ofoz
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azys
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azah
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\awib
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\asih
2014-04-03 15:14 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\lsom
2014-04-03 15:14 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ipij
2014-04-03 15:14 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\yxip
2014-04-03 15:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\upel
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\upol
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\ugov
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxun
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\jnjn
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\hxil
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\enor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\bsbs
2014-04-03 15:13 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\orej
2014-04-03 15:13 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\ohef
2014-04-03 15:13 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\avaj
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ypin
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\otlb
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\oboc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\jfgs
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\idyq
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ezjf
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\dwqc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\awih
2014-04-03 15:12 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\fral
2014-04-03 15:12 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ityk
2014-04-03 15:12 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ivix
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ydav
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\uvoq
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\qnex
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\pron
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\inig
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\erxr
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ekew
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\edur
2014-04-03 15:11 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\akzk
2014-04-03 15:11 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\odod
2014-04-03 15:11 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ykyf
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\yfyt
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulqp
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulov
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\knal
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\isiw
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ewec
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\apir
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\agax
2014-04-03 15:10 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\yvan
2014-04-03 15:10 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\upop
2014-04-03 15:10 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\yfic
2014-04-03 15:10 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ehot
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ywyz
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ugug
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\opeg
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ipyd
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\erjx
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\dbot
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\akak
2014-04-03 15:09 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ujoj
2014-04-03 15:09 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\olev
2014-04-03 15:09 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\eduj
2014-04-03 15:09 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\inal
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\yfat
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ufeh
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ofeb
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\lsek
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\iqyr
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ilbn
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\icyk
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adtv
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adfg
2014-04-03 15:08 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ylin
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yzsz
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ywiw
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yril
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ypkx
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ygan
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\udnd
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\amim
2014-04-03 15:07 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ulug
2014-04-03 15:07 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\yjiv
2014-04-03 15:07 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ylad
2014-04-03 15:07 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\udun
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ywiz
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\odor
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\iryv
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\edgd
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\akkf
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\abaw
2014-04-03 15:06 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ygyj
2014-04-03 15:06 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\awaz
2014-04-03 15:06 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ydig
2014-04-03 15:06 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ikic
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uzuc
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uror
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\umps
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\qwet
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\jjon
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ilad
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ijiv
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\anmv
2014-04-03 15:05 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\aryp
2014-04-03 15:05 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\afik
2014-04-03 15:05 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ecuh
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\uxoj
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\omuw
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\obum
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jlol
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jkez
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\exux
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\djud
2014-04-03 15:04 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ajig
2014-04-03 15:04 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ywah
2014-04-03 15:04 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\asib
2014-04-03 15:04 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ijyl
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ylaj
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ykaf
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\uhum
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\osoc
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\egug
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\aryg
2014-04-03 15:03 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\lzec
2014-04-03 15:03 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ufob
2014-04-03 15:03 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\egop
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\opjl
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ndur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\kzas
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\iraq
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\erur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\azyh
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asaw
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asas
2014-04-03 15:02 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\acac
2014-04-03 15:02 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ydip
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ywss
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\oqpp
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\okgw
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ogug
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ofow
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\jteb
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\izah
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\igar
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ejqd
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\egll
2014-04-03 15:01 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\zhis
2014-04-03 15:01 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\erox
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\uvuv
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ifyc
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\evop
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\esef
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ejon
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ahys
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\acyt
2014-04-03 15:00 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\icic
2014-04-03 15:00 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\egup
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ytat
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ygij
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uvel
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uveg
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uhok
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\udxr
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\oded
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\bcik
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\awyw
2014-04-03 14:59 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\uxed
2014-04-03 14:59 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ydal
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ytyf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ycac
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\qzef
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ohjf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ivbx
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\dlog
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\avmn
2014-04-03 14:58 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ojdn
2014-04-03 14:58 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\yrav
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\yfkk
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\pzoc
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\otos
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\hmim
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\epog
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ebec
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\avyj
2014-04-03 14:57 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\igij
2014-04-03 14:57 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ejoj
2014-04-03 14:57 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ohot
2014-04-03 14:57 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ijag
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ugog
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ivij
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\evel
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\emez
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ebrt
2014-04-03 14:56 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\esec
2014-04-03 14:56 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\amic
2014-04-03 14:56 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ylir
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\uruj
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\unpd
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\odox
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\obuf
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\izmw
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\enqn
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\azih
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\atif
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\agar
2014-04-03 14:55 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\epoq
2014-04-03 14:55 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\upeg
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ygax
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\itif
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\isib
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\imat
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\exen
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\emoh
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\aril
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\afak
2014-04-03 14:54 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\uxod
2014-04-03 14:54 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ujor
2014-04-03 14:54 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\yqir
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\vsut
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ogov
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\icak
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ezdc
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\agyj
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\afyt
2014-04-03 14:53 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ofob
2014-04-03 14:53 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ydyq
2014-04-03 14:53 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\owok
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ymak
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\usek
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\uluv
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\smac
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ozjt
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ilax
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\igax
2014-04-03 14:52 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\hhyh
2014-04-03 14:52 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ahih
2014-04-03 14:52 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\utoz
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\wmit
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\utew
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\orun
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\oquv
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\jfus
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\ixiq
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\efqh
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\axal
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\asys
2014-04-03 14:51 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\bxal
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\yzih
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\xklh
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\usef
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ozuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ijig
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\idip
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\esuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ehuf
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\agij
2014-04-03 14:50 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ujod
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ykwf
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otuw
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otew
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\opul
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ollg
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\isah
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\icam
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\epep
2014-04-03 14:49 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\otow
2014-04-03 14:49 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ybyb
2014-04-03 14:49 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\evov
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yzah
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yvyj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\tfit
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\shis
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ipin
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ihyw
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\exoj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\chys
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\yxiq
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\ysyw
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\oxex
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\lzoc
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\iqyd
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\gcuz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\fwyz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\acif
2014-04-03 14:47 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ehuc
2014-04-03 14:47 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ewof
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\utub
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\upep
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\unox
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ubjm
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\oxej
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\omoz
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ohuc
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\mqsd
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\isyh
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\agyr
2014-04-03 14:46 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\fvir
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\yzas
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ynil
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\utak
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\urej
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\tcat
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ifim
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ibaz
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\asab
2014-04-03 14:45 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ajyq
2014-04-03 14:45 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ozof
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uqlq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uguq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\olgq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ihyb
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\hsiz
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ewoc
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ajip
2014-04-03 14:44 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\iftc
2014-04-03 14:44 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\atit
2014-04-03 14:44 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ifyf
2014-04-03 14:44 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\erux
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ydyv
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\upuq
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\olul
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\okeb
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\esdt
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\aqyj
2014-04-03 14:43 - 2014-04-03 14:42 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Mails
2014-04-03 14:43 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\yntp
2014-04-03 14:43 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ihys
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ypij
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ygyx
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\owof
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\inyl
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ewjm
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\etuh
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arkv
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arcg
2014-04-03 14:42 - 2014-04-03 14:41 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8659CC7B-74B5-47E7-B1DC-1CB395F008D5}
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ykyc
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\yjag
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\uqpp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\orex
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\kfat
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\igmd
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ibah
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\epdp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\enun
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ejod
2014-04-03 14:41 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\jder
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yxaq
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yfif
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ovlg
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nmuw
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nboc
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\iqar
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\afyf
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ydap
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ycyc
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ufuh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ubum
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\scit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\otoh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ogup
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\odur
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\icit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\eqoq
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\afaf
2014-04-03 14:39 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ohoc
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ynaq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ylyr
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\vdox
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\umos
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uloq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uhec
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\sxiq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\omob
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\iryg
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ipyx
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\anbl
2014-04-03 14:38 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ilsx
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\yxig
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ykyk
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\upjl
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\twys
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\pgvq
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwyz
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwih
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\etub
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\emuw
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\bdyl
2014-04-03 14:37 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ilyn
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\uwok
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\upul
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\owgk
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\otus
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ofeh
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ekus
2014-04-03 14:36 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ikac
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ykim
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uxur
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\urjx
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uqol
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\unqn
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uhoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\kbts
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ifit
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ezoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ewut
2014-04-03 14:35 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\yzyh
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ugup
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\udex
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\opeq
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\inyg
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ikak
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezrf
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezom
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\edud
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\asyb
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ahib
2014-04-03 14:34 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\otqz
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\zvyj
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ytac
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opuq
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opel
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ixag
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ahiz
2014-04-03 14:33 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\ackt
2014-04-03 14:33 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\afym
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\yrap
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\uwoc
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\iziz
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\imik
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\igyj
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\hxag
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\awab
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\arip
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\adap
2014-04-03 14:32 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\awas
2014-04-03 14:32 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\uduj
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ubok
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\orux
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ohof
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ifaf
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\idzq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ecrs
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ajiq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\acik
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\abih
2014-04-03 14:31 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ajag
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\wbyh
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ssss
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ojux
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\obok
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\lxvn
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\inyp
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ihih
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afyc
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afac
2014-04-03 14:30 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\ewuk
2014-04-03 14:30 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\izis
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\yfyc
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xxon
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xkes
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\vnpd
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\tbys
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\oxux
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\ewem
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\aksc
2014-04-03 14:29 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\udjj
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydiq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydcq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\udur
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ivmn
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\idiv
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\etoh
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\amyc
2014-04-03 14:28 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\uhof
2014-04-03 14:28 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\icif
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\yhiw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ybmw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\usot
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\mwaw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\epop
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\aryq
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\adyv
2014-04-03 14:27 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ebuk
2014-04-03 14:27 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\otez
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\yvax
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\uxdx
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\umes
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ohgt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\jhok
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ivsj
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ikmt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\idyp
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\dwem
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ajsv
2014-04-03 14:26 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\ebuc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\uqeg
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\unex
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\udud
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\oqqv
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\izyz
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\iriq
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\imit
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\hcyc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\edon
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\afif
2014-04-03 14:25 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\eset
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\yziw
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\uxox
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\tlan
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ored
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\opug
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ityf
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\epul
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\eguq
2014-04-03 14:24 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\oleg
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\wjav
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\uhdm
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ovog
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ohrk
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ibts
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\anyp
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ajiv
2014-04-03 14:23 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\jfew
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\wnyl
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\unur
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\pdex
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\kzab
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\inip
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\eqeq
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\epug
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\atff
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\asis
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\ashh
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\adal
2014-04-03 14:22 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\erdd
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\uvop
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\unor
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\pren
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\orgj
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ahas
2014-04-03 14:21 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ebef
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ytaf
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\unoj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\tpaj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\slir
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\jqug
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ikif
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\fhaw
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ahis
2014-04-03 14:20 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\otob
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sryp
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sdyg
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\qzum
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\iwib
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ivwr
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilyx
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilix
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dxrd
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dmes
2014-04-03 14:19 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ppug
2014-04-03 14:19 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ygar
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\usok
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\upev
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ogol
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ofrz
2014-04-03 14:18 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\bjiv
2014-04-03 14:18 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\yqaj
2014-04-03 14:18 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ykat
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\upeq
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\tmac
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\pzdc
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ozef
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ojed
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ksab
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\epov
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\eceh
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\amyk
2014-04-03 14:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\okes
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ujux
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ojox
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ilyr
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\efus
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\alix
2014-04-03 14:16 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\iriv
2014-04-03 14:16 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ezuf
2014-04-03 14:16 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\epeg
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ynag
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ybis
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\vgoq
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ukez
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\udrr
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ucph
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ezrc
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ewed
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ebok
2014-04-03 14:15 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\eguv
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\yzis
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ysyb
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ujrj
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\qfus
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\pkrh
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\orud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\exud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\awiz
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ypmj
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\wsaz
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ofew
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ewek
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\evog
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\eprv
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\anyv
2014-04-03 14:13 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\iwab
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ywib
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ugel
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\shaw
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\rjej
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ityt
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\epev
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\axyg
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\aqix
2014-04-03 14:12 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\iwis
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\uzok
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ugeg
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\inhv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ewef
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\dded
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\awzs
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aryv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aqad
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\skwf
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\oqop
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ojpx
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\idhg
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\fmkt
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ezec
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\elog
2014-04-03 14:10 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\uvol
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\otoz
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\oklh
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ofes
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ocos
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\icyt
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ewum
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eveg
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eloq
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\aqax
2014-04-03 14:09 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ylix
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ubom
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ipir
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\efjh
2014-04-03 13:12 - 2014-01-28 10:37 - 00000000 ____D () C:\ProgramData\Sun
2014-04-03 13:11 - 2010-11-21 05:47 - 00941858 _____ () C:\Windows\PFRO.log
2014-04-03 11:05 - 2014-04-03 11:05 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAC68900-655D-41C8-B222-3D2CFA1EC8E4}
2014-04-03 09:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-03 09:20 - 2014-04-02 17:13 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 16:57 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\TAG
2014-04-02 16:48 - 2014-04-02 16:48 - 00001974 _____ () C:\Users\Public\Desktop\A1 Dashboard.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Sierra Wireless
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files (x86)\A1 Dashboard
2014-04-02 16:45 - 2013-04-05 12:01 - 00090136 _____ () C:\Users\landumhollabrunn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-02 16:44 - 2009-07-14 06:45 - 00351552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 16:43 - 2014-04-02 16:11 - 00000000 ____D () C:\ProgramData\Vodafone
2014-04-02 16:17 - 2014-04-02 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-04-02 16:14 - 2014-04-02 16:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Roaming\Vodafone
2014-04-02 16:12 - 2014-04-02 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-04-02 16:10 - 2014-04-02 16:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-02 16:09 - 2014-04-02 16:59 - 01426178 _____ () C:\Users\landumhollabrunn\Desktop\adwcleaner.exe
2014-04-02 16:09 - 2014-04-02 16:09 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Downloaded Installations
2014-04-02 15:49 - 2014-04-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Huawei technologies
2014-04-02 15:49 - 2012-03-02 20:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 14:10 - 2014-04-02 14:11 - 02157056 _____ (Farbar) C:\Users\landumhollabrunn\Desktop\FRST64.exe
2014-04-02 12:08 - 2014-04-02 12:08 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{D4D4BD83-A465-4628-BE50-F99B2ECE4106}
2014-04-02 11:41 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn
2014-04-02 11:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-01 08:48 - 2014-04-01 08:48 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{59848102-330C-4FE5-AABD-F9F020FC7EB2}
2014-03-31 10:52 - 2014-03-31 10:49 - 00000000 ____D () C:\Users\landumhollabrunn\Desktop\Siegerwein
2014-03-31 09:01 - 2014-03-31 09:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{CAE9EA0C-B471-475F-85B2-78941E001E17}
2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{4C681DBC-2746-4DB9-B59A-7252ACFF6964}
2014-03-27 14:39 - 2014-03-27 14:37 - 00000000 ____D () C:\AdwCleaner
2014-03-27 14:15 - 2014-03-27 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 09:44 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3B581A92-C415-4CD1-9998-7DE823F1F6E2}
2014-03-26 10:33 - 2013-04-08 09:45 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 10:33 - 2013-04-08 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-26 09:54 - 2014-03-26 09:53 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{88F9F5EF-FA11-441F-A765-4B2096E914C8}
2014-03-25 09:13 - 2014-03-25 09:13 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{90A3350E-AAB3-4D60-9785-F16D173F445E}
2014-03-24 10:00 - 2014-03-24 10:00 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DBF45460-D52B-4337-ACD8-7F7D4C48FB00}
2014-03-21 09:33 - 2014-03-21 09:32 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{447E48D2-D74F-47A9-BBB8-75D974A3201C}
2014-03-19 10:29 - 2014-03-19 10:29 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{B1BBBE17-7F4F-4044-8B3B-2EF03E3BF39A}
2014-03-18 09:12 - 2014-03-18 09:12 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{A71E70F9-6789-4F28-AAB9-E2EB0421E10E}
2014-03-17 11:20 - 2014-03-17 11:20 - 00001543 _____ () C:\Users\landumhollabrunn\AppData\Local\recently-used.xbel
2014-03-17 11:20 - 2013-09-02 09:34 - 00000000 ____D () C:\Users\landumhollabrunn\.gimp-2.8
2014-03-17 09:26 - 2014-03-17 09:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{39321BCF-8928-477F-9C5A-E7A0715923A5}
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:08 - 2013-04-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 12:05 - 2013-04-08 09:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 10:14 - 2014-03-14 10:14 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{9CAF92FB-63F9-4650-897F-262D57E904F0}
2014-03-13 09:18 - 2014-03-13 09:18 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{E12FD4C4-9A32-438F-AA30-419D45349138}
2014-03-12 11:29 - 2013-09-02 09:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:29 - 2013-04-08 13:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:29 - 2013-04-08 13:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 09:44 - 2014-03-12 09:44 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{DA97A697-88E1-4F2D-B9B1-7FC1AF83655A}
2014-03-11 10:52 - 2013-01-20 15:59 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{8BFB0828-F46E-42F0-8CCD-204F374666D4}
2014-03-10 09:17 - 2014-03-10 09:17 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{711BF6FB-AAF0-44A5-8532-23D388F4E9AD}
2014-03-07 10:20 - 2014-03-07 10:20 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{56156112-1BB8-4EA5-BA8C-D5D5739FB7BB}
2014-03-06 12:15 - 2013-04-05 12:01 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\Windows Live
2014-03-06 10:26 - 2014-03-06 10:26 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{EAF36207-84D1-4451-BC3B-8C52FF3D95A0}
2014-03-05 09:58 - 2014-03-05 09:58 - 00000000 ____D () C:\Users\landumhollabrunn\AppData\Local\{3BDD6960-547E-4615-B78A-E41164F128DD}
2014-03-05 09:26 - 2014-04-03 15:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 15:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-03 15:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 13:23

==================== End Of Log ============================
         

Alt 04.04.2014, 09:56   #11
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen,

das sieht nicht nett aus.

Wir müssen da tiefer schauen.
Schritt 1
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Alt 04.04.2014, 10:25   #12
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hei, Sandra! Ich bin so froh, dass du mir dabei hilfst! Leider habe ich mit Trojanern überhaupt keine Erfahrung. Werden wir ihn weg kriegen?

killer-log:

Code:
ATTFilter
11:17:11.0677 3260  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:17:15.0936 3260  ============================================================
11:17:15.0936 3260  Current date / time: 2014/04/04 11:17:15.0936
11:17:15.0936 3260  SystemInfo:
11:17:15.0936 3260  
11:17:15.0936 3260  OS Version: 6.1.7601 ServicePack: 1.0
11:17:15.0936 3260  Product type: Workstation
11:17:15.0936 3260  ComputerName: LANDUMHOLLABRUN
11:17:15.0936 3260  UserName: landumhollabrunn
11:17:15.0936 3260  Windows directory: C:\Windows
11:17:15.0936 3260  System windows directory: C:\Windows
11:17:15.0936 3260  Running under WOW64
11:17:15.0936 3260  Processor architecture: Intel x64
11:17:15.0936 3260  Number of processors: 4
11:17:15.0936 3260  Page size: 0x1000
11:17:15.0936 3260  Boot type: Normal boot
11:17:15.0936 3260  ============================================================
11:17:16.0654 3260  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:17:16.0654 3260  ============================================================
11:17:16.0654 3260  \Device\Harddisk0\DR0:
11:17:16.0654 3260  MBR partitions:
11:17:16.0669 3260  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401800, BlocksNum 0x38182800
11:17:16.0716 3260  ============================================================
11:17:16.0763 3260  C: <-> \Device\Harddisk0\DR0\Partition1
11:17:16.0763 3260  ============================================================
11:17:16.0763 3260  Initialize success
11:17:16.0763 3260  ============================================================
11:17:29.0009 0420  ============================================================
11:17:29.0009 0420  Scan started
11:17:29.0009 0420  Mode: Manual; SigCheck; TDLFS; 
11:17:29.0009 0420  ============================================================
11:17:29.0212 0420  ================ Scan system memory ========================
11:17:29.0212 0420  System memory - ok
11:17:29.0212 0420  ================ Scan services =============================
11:17:29.0462 0420  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:17:29.0571 0420  1394ohci - ok
11:17:29.0649 0420  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:17:29.0696 0420  ACPI - ok
11:17:29.0711 0420  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:17:29.0758 0420  AcpiPmi - ok
11:17:29.0852 0420  [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:17:29.0883 0420  AdobeARMservice - ok
11:17:30.0008 0420  [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:17:30.0023 0420  AdobeFlashPlayerUpdateSvc - ok
11:17:30.0086 0420  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:17:30.0132 0420  adp94xx - ok
11:17:30.0164 0420  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:17:30.0195 0420  adpahci - ok
11:17:30.0226 0420  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:17:30.0257 0420  adpu320 - ok
11:17:30.0288 0420  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:17:30.0382 0420  AeLookupSvc - ok
11:17:30.0444 0420  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
11:17:30.0491 0420  AFD - ok
11:17:30.0554 0420  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
11:17:30.0616 0420  AgereSoftModem - ok
11:17:30.0632 0420  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:17:30.0663 0420  agp440 - ok
11:17:30.0694 0420  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:17:30.0725 0420  ALG - ok
11:17:30.0772 0420  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:17:30.0788 0420  aliide - ok
11:17:30.0819 0420  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:17:30.0850 0420  amdide - ok
11:17:30.0897 0420  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:17:30.0928 0420  AmdK8 - ok
11:17:30.0944 0420  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:17:30.0975 0420  AmdPPM - ok
11:17:31.0006 0420  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:17:31.0037 0420  amdsata - ok
11:17:31.0068 0420  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:17:31.0100 0420  amdsbs - ok
11:17:31.0115 0420  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:17:31.0146 0420  amdxata - ok
11:17:31.0178 0420  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
11:17:31.0209 0420  AMPPAL - ok
11:17:31.0224 0420  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
11:17:31.0256 0420  AMPPALP - ok
11:17:31.0349 0420  [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
11:17:31.0412 0420  AMPPALR3 - ok
11:17:31.0474 0420  [ 30D30599C487D691BD705868F709E375 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
11:17:31.0505 0420  ApfiltrService - ok
11:17:31.0552 0420  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:17:31.0646 0420  AppID - ok
11:17:31.0661 0420  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:17:31.0755 0420  AppIDSvc - ok
11:17:31.0802 0420  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:17:31.0833 0420  Appinfo - ok
11:17:31.0880 0420  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:17:31.0911 0420  arc - ok
11:17:31.0926 0420  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:17:31.0958 0420  arcsas - ok
11:17:32.0067 0420  [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:17:32.0098 0420  aspnet_state - ok
11:17:32.0114 0420  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:17:32.0207 0420  AsyncMac - ok
11:17:32.0254 0420  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:17:32.0270 0420  atapi - ok
11:17:32.0316 0420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:17:32.0426 0420  AudioEndpointBuilder - ok
11:17:32.0441 0420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:17:32.0550 0420  AudioSrv - ok
11:17:32.0582 0420  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:17:32.0628 0420  AxInstSV - ok
11:17:32.0675 0420  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:17:32.0722 0420  b06bdrv - ok
11:17:32.0753 0420  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:17:32.0800 0420  b57nd60a - ok
11:17:32.0847 0420  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:17:32.0862 0420  BDESVC - ok
11:17:32.0894 0420  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:17:32.0972 0420  Beep - ok
11:17:33.0034 0420  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:17:33.0081 0420  BFE - ok
11:17:33.0143 0420  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
11:17:33.0252 0420  BITS - ok
11:17:33.0284 0420  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:17:33.0315 0420  blbdrive - ok
11:17:33.0408 0420  [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
11:17:33.0471 0420  Bluetooth Device Monitor - ok
11:17:33.0518 0420  [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
11:17:33.0580 0420  Bluetooth Media Service - ok
11:17:33.0642 0420  [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
11:17:33.0705 0420  Bluetooth OBEX Service - ok
11:17:33.0736 0420  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:17:33.0767 0420  bowser - ok
11:17:33.0814 0420  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:17:33.0845 0420  BrFiltLo - ok
11:17:33.0861 0420  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:17:33.0908 0420  BrFiltUp - ok
11:17:33.0923 0420  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:17:34.0017 0420  BridgeMP - ok
11:17:34.0048 0420  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:17:34.0079 0420  Browser - ok
11:17:34.0126 0420  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:17:34.0157 0420  Brserid - ok
11:17:34.0188 0420  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:17:34.0220 0420  BrSerWdm - ok
11:17:34.0235 0420  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:17:34.0266 0420  BrUsbMdm - ok
11:17:34.0282 0420  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:17:34.0313 0420  BrUsbSer - ok
11:17:34.0360 0420  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:17:34.0391 0420  BthEnum - ok
11:17:34.0407 0420  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:17:34.0454 0420  BTHMODEM - ok
11:17:34.0469 0420  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:17:34.0516 0420  BthPan - ok
11:17:34.0547 0420  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:17:34.0594 0420  BTHPORT - ok
11:17:34.0641 0420  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:17:34.0719 0420  bthserv - ok
11:17:34.0750 0420  [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
11:17:34.0766 0420  BTHSSecurityMgr - ok
11:17:34.0797 0420  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:17:34.0828 0420  BTHUSB - ok
11:17:34.0875 0420  [ 988CC6CC49303665D3B2435C51505C3F ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
11:17:34.0890 0420  btmaux - ok
11:17:34.0953 0420  [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
11:17:35.0000 0420  btmhsf - ok
11:17:35.0015 0420  catchme - ok
11:17:35.0046 0420  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:17:35.0140 0420  cdfs - ok
11:17:35.0187 0420  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:17:35.0218 0420  cdrom - ok
11:17:35.0265 0420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:17:35.0343 0420  CertPropSvc - ok
11:17:35.0374 0420  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:17:35.0405 0420  circlass - ok
11:17:35.0436 0420  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:17:35.0468 0420  CLFS - ok
11:17:35.0546 0420  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:17:35.0577 0420  clr_optimization_v2.0.50727_32 - ok
11:17:35.0608 0420  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:17:35.0639 0420  clr_optimization_v2.0.50727_64 - ok
11:17:35.0702 0420  [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:17:35.0733 0420  clr_optimization_v4.0.30319_32 - ok
11:17:35.0764 0420  [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:17:35.0780 0420  clr_optimization_v4.0.30319_64 - ok
11:17:35.0826 0420  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
11:17:35.0858 0420  clwvd - ok
11:17:35.0889 0420  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:17:35.0920 0420  CmBatt - ok
11:17:35.0936 0420  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:17:35.0967 0420  cmdide - ok
11:17:36.0014 0420  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
11:17:36.0076 0420  CNG - ok
11:17:36.0123 0420  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:17:36.0138 0420  Compbatt - ok
11:17:36.0185 0420  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:17:36.0216 0420  CompositeBus - ok
11:17:36.0232 0420  COMSysApp - ok
11:17:36.0294 0420  [ DD5EBBE0210A9F751F6692B200EBC2B0 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
11:17:36.0341 0420  cphs - ok
11:17:36.0372 0420  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:17:36.0404 0420  crcdisk - ok
11:17:36.0450 0420  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:17:36.0482 0420  CryptSvc - ok
11:17:36.0528 0420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:17:36.0638 0420  DcomLaunch - ok
11:17:36.0669 0420  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:17:36.0778 0420  defragsvc - ok
11:17:36.0778 0420  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:17:36.0872 0420  DfsC - ok
11:17:36.0903 0420  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:17:36.0950 0420  Dhcp - ok
11:17:36.0996 0420  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:17:37.0074 0420  discache - ok
11:17:37.0121 0420  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:17:37.0152 0420  Disk - ok
11:17:37.0184 0420  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:17:37.0215 0420  Dnscache - ok
11:17:37.0246 0420  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:17:37.0340 0420  dot3svc - ok
11:17:37.0355 0420  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:17:37.0449 0420  DPS - ok
11:17:37.0496 0420  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:17:37.0527 0420  drmkaud - ok
11:17:37.0589 0420  [ 2BF965A3B9A525587589EBB270B68263 ] DTSAudioSvc     C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
11:17:37.0652 0420  DTSAudioSvc - ok
11:17:37.0714 0420  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:17:37.0776 0420  DXGKrnl - ok
11:17:37.0808 0420  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:17:37.0901 0420  EapHost - ok
11:17:38.0010 0420  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:17:38.0135 0420  ebdrv - ok
11:17:38.0166 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
11:17:38.0198 0420  EFS - ok
11:17:38.0260 0420  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:17:38.0307 0420  ehRecvr - ok
11:17:38.0322 0420  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:17:38.0354 0420  ehSched - ok
11:17:38.0400 0420  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:17:38.0447 0420  elxstor - ok
11:17:38.0463 0420  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:17:38.0494 0420  ErrDev - ok
11:17:38.0556 0420  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:17:38.0650 0420  EventSystem - ok
11:17:38.0728 0420  [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:17:38.0775 0420  EvtEng - ok
11:17:38.0822 0420  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:17:38.0915 0420  exfat - ok
11:17:38.0946 0420  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:17:39.0040 0420  fastfat - ok
11:17:39.0087 0420  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:17:39.0134 0420  Fax - ok
11:17:39.0165 0420  [ 9955BF48FD2FA8D481848CD3024EDD0B ] FBIOSDRV        C:\Windows\system32\Drivers\FBIOSDRV.sys
11:17:39.0196 0420  FBIOSDRV - ok
11:17:39.0212 0420  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:17:39.0243 0420  fdc - ok
11:17:39.0258 0420  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:17:39.0352 0420  fdPHost - ok
11:17:39.0368 0420  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:17:39.0461 0420  FDResPub - ok
11:17:39.0477 0420  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:17:39.0508 0420  FileInfo - ok
11:17:39.0524 0420  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:17:39.0617 0420  Filetrace - ok
11:17:39.0648 0420  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:17:39.0680 0420  flpydisk - ok
11:17:39.0711 0420  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:17:39.0742 0420  FltMgr - ok
11:17:39.0820 0420  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:17:39.0867 0420  FontCache - ok
11:17:39.0929 0420  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:17:39.0945 0420  FontCache3.0.0.0 - ok
11:17:39.0976 0420  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:17:40.0007 0420  FsDepends - ok
11:17:40.0054 0420  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:17:40.0085 0420  Fs_Rec - ok
11:17:40.0101 0420  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\drivers\FUJ02B1.sys
11:17:40.0132 0420  FUJ02B1 - ok
11:17:40.0148 0420  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\drivers\FUJ02E3.sys
11:17:40.0163 0420  FUJ02E3 - ok
11:17:40.0241 0420  [ C22CBEFB9CEDAD798F8EFB60D8E7D330 ] FUJ02E3Service  C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
11:17:40.0257 0420  FUJ02E3Service - ok
11:17:40.0319 0420  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:17:40.0350 0420  fvevol - ok
11:17:40.0382 0420  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:17:40.0413 0420  gagp30kx - ok
11:17:40.0460 0420  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:17:40.0569 0420  gpsvc - ok
11:17:40.0600 0420  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:17:40.0631 0420  hcw85cir - ok
11:17:40.0678 0420  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:17:40.0725 0420  HdAudAddService - ok
11:17:40.0756 0420  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:17:40.0787 0420  HDAudBus - ok
11:17:40.0803 0420  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:17:40.0834 0420  HidBatt - ok
11:17:40.0850 0420  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:17:40.0896 0420  HidBth - ok
11:17:40.0928 0420  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:17:40.0959 0420  HidIr - ok
11:17:40.0990 0420  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
11:17:41.0084 0420  hidserv - ok
11:17:41.0130 0420  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:17:41.0162 0420  HidUsb - ok
11:17:41.0193 0420  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:17:41.0271 0420  hkmsvc - ok
11:17:41.0302 0420  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:17:41.0333 0420  HomeGroupListener - ok
11:17:41.0364 0420  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:17:41.0396 0420  HomeGroupProvider - ok
11:17:41.0442 0420  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:17:41.0474 0420  HpSAMD - ok
11:17:41.0520 0420  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:17:41.0630 0420  HTTP - ok
11:17:41.0645 0420  huawei_enumerator - ok
11:17:41.0692 0420  [ CE93B8AF848FE2AA44455A4769C1BC8A ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:17:41.0723 0420  hwdatacard - ok
11:17:41.0739 0420  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:17:41.0770 0420  hwpolicy - ok
11:17:41.0817 0420  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:17:41.0848 0420  i8042prt - ok
11:17:41.0879 0420  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
11:17:41.0926 0420  iaStor - ok
11:17:41.0973 0420  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:17:42.0004 0420  iaStorV - ok
11:17:42.0051 0420  [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
11:17:42.0082 0420  ibtfltcoex - ok
11:17:42.0144 0420  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:17:42.0207 0420  idsvc - ok
11:17:42.0238 0420  IEEtwCollectorService - ok
11:17:42.0706 0420  [ 11BA677667432A99CA261A472A2C29B8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:17:43.0112 0420  igfx - ok
11:17:43.0174 0420  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:17:43.0205 0420  iirsp - ok
11:17:43.0236 0420  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:17:43.0299 0420  IKEEXT - ok
11:17:43.0470 0420  [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:17:43.0673 0420  IntcAzAudAddService - ok
11:17:43.0767 0420  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
11:17:43.0798 0420  IntcDAud - ok
11:17:43.0860 0420  [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:17:43.0907 0420  Intel(R) Capability Licensing Service Interface - ok
11:17:43.0923 0420  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:17:43.0954 0420  intelide - ok
11:17:43.0985 0420  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:17:44.0016 0420  intelppm - ok
11:17:44.0063 0420  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:17:44.0157 0420  IPBusEnum - ok
11:17:44.0188 0420  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:17:44.0282 0420  IpFilterDriver - ok
11:17:44.0328 0420  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:17:44.0375 0420  iphlpsvc - ok
11:17:44.0406 0420  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:17:44.0438 0420  IPMIDRV - ok
11:17:44.0438 0420  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:17:44.0531 0420  IPNAT - ok
11:17:44.0562 0420  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:17:44.0609 0420  IRENUM - ok
11:17:44.0625 0420  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:17:44.0640 0420  isapnp - ok
11:17:44.0672 0420  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:17:44.0703 0420  iScsiPrt - ok
11:17:44.0734 0420  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\drivers\iusb3hcs.sys
11:17:44.0765 0420  iusb3hcs - ok
11:17:44.0812 0420  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\drivers\iusb3hub.sys
11:17:44.0843 0420  iusb3hub - ok
11:17:44.0890 0420  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\drivers\iusb3xhc.sys
11:17:44.0937 0420  iusb3xhc - ok
11:17:45.0046 0420  [ 3628933AF5305EAB8173949BFF912F04 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11:17:45.0062 0420  jhi_service - ok
11:17:45.0108 0420  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:17:45.0124 0420  kbdclass - ok
11:17:45.0171 0420  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:17:45.0202 0420  kbdhid - ok
11:17:45.0218 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
11:17:45.0249 0420  KeyIso - ok
11:17:45.0280 0420  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:17:45.0311 0420  KSecDD - ok
11:17:45.0327 0420  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:17:45.0358 0420  KSecPkg - ok
11:17:45.0389 0420  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:17:45.0467 0420  ksthunk - ok
11:17:45.0514 0420  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:17:45.0608 0420  KtmRm - ok
11:17:45.0670 0420  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:17:45.0764 0420  LanmanServer - ok
11:17:45.0795 0420  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:17:45.0888 0420  LanmanWorkstation - ok
11:17:45.0935 0420  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:17:46.0013 0420  lltdio - ok
11:17:46.0060 0420  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:17:46.0154 0420  lltdsvc - ok
11:17:46.0185 0420  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:17:46.0278 0420  lmhosts - ok
11:17:46.0325 0420  [ BF22ACF4CF3734D61357E67F0521BC03 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:17:46.0356 0420  LMS - ok
11:17:46.0388 0420  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:17:46.0419 0420  LSI_FC - ok
11:17:46.0434 0420  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:17:46.0466 0420  LSI_SAS - ok
11:17:46.0481 0420  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:17:46.0512 0420  LSI_SAS2 - ok
11:17:46.0528 0420  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:17:46.0559 0420  LSI_SCSI - ok
11:17:46.0590 0420  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:17:46.0684 0420  luafv - ok
11:17:46.0762 0420  [ 6140163BFE9D8F2DFDBA088ED5521C13 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
11:17:46.0778 0420  MBAMSwissArmy - ok
11:17:46.0809 0420  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:17:46.0840 0420  Mcx2Svc - ok
11:17:46.0856 0420  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:17:46.0887 0420  megasas - ok
11:17:46.0934 0420  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:17:46.0965 0420  MegaSR - ok
11:17:47.0012 0420  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:17:47.0027 0420  MEIx64 - ok
11:17:47.0074 0420  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:17:47.0168 0420  MMCSS - ok
11:17:47.0168 0420  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:17:47.0261 0420  Modem - ok
11:17:47.0277 0420  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:17:47.0324 0420  monitor - ok
11:17:47.0355 0420  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:17:47.0370 0420  mouclass - ok
11:17:47.0402 0420  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:17:47.0433 0420  mouhid - ok
11:17:47.0464 0420  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:17:47.0480 0420  mountmgr - ok
11:17:47.0526 0420  [ 9EB89625A82AC961F25E7C865947BF9A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:17:47.0573 0420  MpFilter - ok
11:17:47.0604 0420  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:17:47.0636 0420  mpio - ok
11:17:47.0651 0420  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:17:47.0745 0420  mpsdrv - ok
11:17:47.0792 0420  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:17:47.0901 0420  MpsSvc - ok
11:17:47.0948 0420  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:17:47.0979 0420  MRxDAV - ok
11:17:48.0010 0420  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:17:48.0041 0420  mrxsmb - ok
11:17:48.0057 0420  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:17:48.0088 0420  mrxsmb10 - ok
11:17:48.0104 0420  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:17:48.0135 0420  mrxsmb20 - ok
11:17:48.0182 0420  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:17:48.0197 0420  msahci - ok
11:17:48.0228 0420  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:17:48.0260 0420  msdsm - ok
11:17:48.0275 0420  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:17:48.0306 0420  MSDTC - ok
11:17:48.0338 0420  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:17:48.0431 0420  Msfs - ok
11:17:48.0462 0420  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:17:48.0556 0420  mshidkmdf - ok
11:17:48.0572 0420  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:17:48.0587 0420  msisadrv - ok
11:17:48.0618 0420  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:17:48.0712 0420  MSiSCSI - ok
11:17:48.0728 0420  msiserver - ok
11:17:48.0759 0420  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:17:48.0837 0420  MSKSSRV - ok
11:17:48.0899 0420  [ 89F2AEDC2788696702141AB82C3E7866 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:17:48.0930 0420  MsMpSvc - ok
11:17:48.0962 0420  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:49.0040 0420  MSPCLOCK - ok
11:17:49.0071 0420  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:17:49.0164 0420  MSPQM - ok
11:17:49.0180 0420  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:17:49.0227 0420  MsRPC - ok
11:17:49.0242 0420  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:17:49.0258 0420  mssmbios - ok
11:17:49.0289 0420  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:17:49.0383 0420  MSTEE - ok
11:17:49.0414 0420  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:17:49.0445 0420  MTConfig - ok
11:17:49.0476 0420  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:17:49.0508 0420  Mup - ok
11:17:49.0554 0420  [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:17:49.0586 0420  MyWiFiDHCPDNS - ok
11:17:49.0617 0420  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:17:49.0726 0420  napagent - ok
11:17:49.0773 0420  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:17:49.0820 0420  NativeWifiP - ok
11:17:49.0882 0420  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:17:49.0944 0420  NDIS - ok
11:17:49.0960 0420  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:50.0054 0420  NdisCap - ok
11:17:50.0100 0420  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:50.0194 0420  NdisTapi - ok
11:17:50.0210 0420  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:50.0288 0420  Ndisuio - ok
11:17:50.0303 0420  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:50.0397 0420  NdisWan - ok
11:17:50.0412 0420  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:17:50.0506 0420  NDProxy - ok
11:17:50.0553 0420  [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:17:50.0568 0420  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:17:50.0568 0420  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:17:50.0600 0420  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:17:50.0693 0420  NetBIOS - ok
11:17:50.0724 0420  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:17:50.0818 0420  NetBT - ok
11:17:50.0834 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
11:17:50.0865 0420  Netlogon - ok
11:17:50.0912 0420  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:17:51.0021 0420  Netman - ok
11:17:51.0083 0420  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0114 0420  NetMsmqActivator - ok
11:17:51.0130 0420  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0161 0420  NetPipeActivator - ok
11:17:51.0192 0420  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:17:51.0302 0420  netprofm - ok
11:17:51.0302 0420  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0333 0420  NetTcpActivator - ok
11:17:51.0348 0420  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0380 0420  NetTcpPortSharing - ok
11:17:51.0738 0420  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:17:52.0082 0420  NETwNs64 - ok
11:17:52.0160 0420  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:17:52.0191 0420  nfrd960 - ok
11:17:52.0238 0420  [ C3E0696C3B42F694C5822776AA6FFFDF ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:17:52.0269 0420  NisDrv - ok
11:17:52.0284 0420  [ DCEE3592299B2229A0DB98CB415059A2 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:17:52.0331 0420  NisSrv - ok
11:17:52.0362 0420  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:17:52.0409 0420  NlaSvc - ok
11:17:52.0440 0420  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:17:52.0518 0420  Npfs - ok
11:17:52.0550 0420  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:17:52.0643 0420  nsi - ok
11:17:52.0659 0420  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:17:52.0752 0420  nsiproxy - ok
11:17:52.0846 0420  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:17:52.0924 0420  Ntfs - ok
11:17:52.0955 0420  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:17:53.0049 0420  Null - ok
11:17:53.0064 0420  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:17:53.0096 0420  nvraid - ok
11:17:53.0111 0420  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:17:53.0142 0420  nvstor - ok
11:17:53.0174 0420  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:17:53.0205 0420  nv_agp - ok
11:17:53.0236 0420  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:17:53.0267 0420  ohci1394 - ok
11:17:53.0345 0420  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:53.0376 0420  ose - ok
11:17:53.0579 0420  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:17:53.0798 0420  osppsvc - ok
11:17:53.0860 0420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:17:53.0907 0420  p2pimsvc - ok
11:17:53.0938 0420  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:17:53.0969 0420  p2psvc - ok
11:17:54.0000 0420  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:17:54.0032 0420  Parport - ok
11:17:54.0063 0420  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:17:54.0094 0420  partmgr - ok
11:17:54.0125 0420  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:17:54.0172 0420  PcaSvc - ok
11:17:54.0188 0420  [ B26E102E0F54773119B162F56C9DD994 ] pci             C:\Windows\system32\drivers\pci.sys
11:17:54.0219 0420  pci - ok
11:17:54.0234 0420  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:17:54.0266 0420  pciide - ok
11:17:54.0312 0420  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:17:54.0344 0420  pcmcia - ok
11:17:54.0375 0420  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:17:54.0390 0420  pcw - ok
11:17:54.0422 0420  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:17:54.0531 0420  PEAUTH - ok
11:17:54.0609 0420  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:17:54.0640 0420  PerfHost - ok
11:17:54.0780 0420  [ BC7ED522BDAA0C635925B3E674B18F70 ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
11:17:54.0858 0420  PFNService ( UnsignedFile.Multi.Generic ) - warning
11:17:54.0858 0420  PFNService - detected UnsignedFile.Multi.Generic (1)
11:17:54.0905 0420  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:17:55.0046 0420  pla - ok
11:17:55.0092 0420  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:17:55.0139 0420  PlugPlay - ok
11:17:55.0186 0420  [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:17:55.0186 0420  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:17:55.0202 0420  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:17:55.0233 0420  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:17:55.0248 0420  PNRPAutoReg - ok
11:17:55.0280 0420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:17:55.0311 0420  PNRPsvc - ok
11:17:55.0342 0420  [ 520D48ECB54A33821C95EE496A4235AF ] Point64         C:\Windows\system32\DRIVERS\point64.sys
11:17:55.0373 0420  Point64 - ok
11:17:55.0404 0420  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:17:55.0514 0420  PolicyAgent - ok
11:17:55.0545 0420  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
11:17:55.0576 0420  Power - ok
11:17:55.0638 0420  [ C90FED91A08D7D1D71E52DBDCF4D1318 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
11:17:55.0654 0420  PowerSavingUtilityService - ok
11:17:55.0701 0420  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:17:55.0794 0420  PptpMiniport - ok
11:17:55.0810 0420  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:17:55.0841 0420  Processor - ok
11:17:55.0872 0420  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:17:55.0919 0420  ProfSvc - ok
11:17:55.0919 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
11:17:55.0950 0420  ProtectedStorage - ok
11:17:55.0997 0420  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:17:56.0075 0420  Psched - ok
11:17:56.0138 0420  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:17:56.0216 0420  ql2300 - ok
11:17:56.0262 0420  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:17:56.0294 0420  ql40xx - ok
11:17:56.0325 0420  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:17:56.0372 0420  QWAVE - ok
11:17:56.0403 0420  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:17:56.0434 0420  QWAVEdrv - ok
11:17:56.0450 0420  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:17:56.0543 0420  RasAcd - ok
11:17:56.0590 0420  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:56.0668 0420  RasAgileVpn - ok
11:17:56.0699 0420  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:17:56.0793 0420  RasAuto - ok
11:17:56.0808 0420  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:56.0902 0420  Rasl2tp - ok
11:17:56.0964 0420  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:17:57.0058 0420  RasMan - ok
11:17:57.0089 0420  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:57.0183 0420  RasPppoe - ok
11:17:57.0183 0420  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:17:57.0276 0420  RasSstp - ok
11:17:57.0308 0420  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:17:57.0417 0420  rdbss - ok
11:17:57.0432 0420  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:17:57.0464 0420  rdpbus - ok
11:17:57.0510 0420  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:57.0588 0420  RDPCDD - ok
11:17:57.0620 0420  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:17:57.0713 0420  RDPENCDD - ok
11:17:57.0729 0420  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:17:57.0822 0420  RDPREFMP - ok
11:17:57.0854 0420  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:17:57.0885 0420  RDPWD - ok
11:17:57.0916 0420  [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:17:57.0947 0420  rdyboost - ok
11:17:57.0994 0420  [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:17:58.0025 0420  RegSrvc - ok
11:17:58.0056 0420  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:17:58.0150 0420  RemoteAccess - ok
11:17:58.0181 0420  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:17:58.0275 0420  RemoteRegistry - ok
11:17:58.0322 0420  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:17:58.0353 0420  RFCOMM - ok
11:17:58.0384 0420  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:17:58.0478 0420  RpcEptMapper - ok
11:17:58.0509 0420  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:17:58.0540 0420  RpcLocator - ok
11:17:58.0571 0420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:17:58.0680 0420  RpcSs - ok
11:17:58.0712 0420  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:17:58.0805 0420  rspndr - ok
11:17:58.0852 0420  [ BC5A633C5FAF056193746C1D5D95B4F2 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
11:17:58.0883 0420  RSUSBSTOR - ok
11:17:58.0930 0420  [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:17:58.0961 0420  RTL8167 - ok
11:17:58.0977 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
11:17:59.0008 0420  SamSs - ok
11:17:59.0039 0420  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:17:59.0070 0420  sbp2port - ok
11:17:59.0102 0420  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:17:59.0195 0420  SCardSvr - ok
11:17:59.0226 0420  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:17:59.0320 0420  scfilter - ok
11:17:59.0367 0420  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:17:59.0492 0420  Schedule - ok
11:17:59.0523 0420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:17:59.0616 0420  SCPolicySvc - ok
11:17:59.0663 0420  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:17:59.0710 0420  sdbus - ok
11:17:59.0741 0420  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:17:59.0772 0420  SDRSVC - ok
11:17:59.0804 0420  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:17:59.0897 0420  secdrv - ok
11:17:59.0913 0420  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:18:00.0006 0420  seclogon - ok
11:18:00.0038 0420  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
11:18:00.0131 0420  SENS - ok
11:18:00.0162 0420  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:18:00.0194 0420  SensrSvc - ok
11:18:00.0209 0420  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:18:00.0240 0420  Serenum - ok
11:18:00.0272 0420  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:18:00.0303 0420  Serial - ok
11:18:00.0334 0420  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:18:00.0365 0420  sermouse - ok
11:18:00.0396 0420  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:18:00.0490 0420  SessionEnv - ok
11:18:00.0506 0420  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:18:00.0537 0420  sffdisk - ok
11:18:00.0568 0420  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:18:00.0599 0420  sffp_mmc - ok
11:18:00.0599 0420  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:18:00.0646 0420  sffp_sd - ok
11:18:00.0662 0420  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:18:00.0693 0420  sfloppy - ok
11:18:00.0724 0420  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:18:00.0818 0420  SharedAccess - ok
11:18:00.0864 0420  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:18:00.0958 0420  ShellHWDetection - ok
11:18:01.0005 0420  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:18:01.0036 0420  SiSRaid2 - ok
11:18:01.0052 0420  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:18:01.0083 0420  SiSRaid4 - ok
11:18:01.0114 0420  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:18:01.0208 0420  Smb - ok
11:18:01.0239 0420  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:18:01.0270 0420  SNMPTRAP - ok
11:18:01.0364 0420  [ 3B39BC0A15CB630A3CE2F6B732EA8B8E ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
11:18:01.0442 0420  SNP2UVC - ok
11:18:01.0473 0420  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:18:01.0488 0420  spldr - ok
11:18:01.0520 0420  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:18:01.0566 0420  Spooler - ok
11:18:01.0691 0420  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:18:01.0878 0420  sppsvc - ok
11:18:01.0894 0420  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:18:01.0988 0420  sppuinotify - ok
11:18:02.0034 0420  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:18:02.0066 0420  srv - ok
11:18:02.0097 0420  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:18:02.0128 0420  srv2 - ok
11:18:02.0144 0420  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:18:02.0175 0420  srvnet - ok
11:18:02.0222 0420  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:18:02.0315 0420  SSDPSRV - ok
11:18:02.0331 0420  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:18:02.0424 0420  SstpSvc - ok
11:18:02.0440 0420  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:18:02.0471 0420  stexstor - ok
11:18:02.0518 0420  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:18:02.0580 0420  stisvc - ok
11:18:02.0612 0420  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:18:02.0627 0420  swenum - ok
11:18:02.0690 0420  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:18:02.0799 0420  swprv - ok
11:18:02.0861 0420  [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain         C:\Windows\system32\sysmain.dll
11:18:02.0939 0420  SysMain - ok
11:18:02.0955 0420  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:18:03.0002 0420  TabletInputService - ok
11:18:03.0095 0420  [ 830C14AACF33B93EF3EB3F7C11EDA010 ] TAG_Service     C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Service.exe
11:18:03.0126 0420  TAG_Service - ok
11:18:03.0173 0420  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:18:03.0267 0420  TapiSrv - ok
11:18:03.0298 0420  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:18:03.0392 0420  TBS - ok
11:18:03.0470 0420  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:18:03.0563 0420  Tcpip - ok
11:18:03.0626 0420  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:18:03.0719 0420  TCPIP6 - ok
11:18:03.0766 0420  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:18:03.0782 0420  tcpipreg - ok
11:18:03.0828 0420  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:18:03.0860 0420  TDPIPE - ok
11:18:03.0891 0420  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:18:03.0922 0420  TDTCP - ok
11:18:03.0953 0420  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:18:04.0047 0420  tdx - ok
11:18:04.0062 0420  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:18:04.0094 0420  TermDD - ok
11:18:04.0140 0420  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:18:04.0250 0420  TermService - ok
11:18:04.0281 0420  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:18:04.0328 0420  Themes - ok
11:18:04.0343 0420  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:18:04.0437 0420  THREADORDER - ok
11:18:04.0484 0420  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:18:04.0577 0420  TrkWks - ok
11:18:04.0624 0420  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:18:04.0718 0420  TrustedInstaller - ok
11:18:04.0749 0420  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:18:04.0780 0420  tssecsrv - ok
11:18:04.0811 0420  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:18:04.0842 0420  TsUsbFlt - ok
11:18:04.0858 0420  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:18:04.0889 0420  TsUsbGD - ok
11:18:04.0920 0420  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:18:05.0014 0420  tunnel - ok
11:18:05.0030 0420  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:18:05.0061 0420  uagp35 - ok
11:18:05.0092 0420  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:18:05.0186 0420  udfs - ok
11:18:05.0217 0420  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:18:05.0264 0420  UI0Detect - ok
11:18:05.0295 0420  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:18:05.0310 0420  uliagpkx - ok
11:18:05.0357 0420  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:18:05.0388 0420  umbus - ok
11:18:05.0420 0420  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:18:05.0451 0420  UmPass - ok
11:18:05.0544 0420  [ B097EBA0E3FEB020BB65FE43AF5ECCFF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:18:05.0591 0420  UNS - ok
11:18:05.0622 0420  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:18:05.0732 0420  upnphost - ok
11:18:05.0747 0420  [ 91D3C92A44FC682DD791147604E79152 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:18:05.0778 0420  usbccgp - ok
11:18:05.0810 0420  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:18:05.0841 0420  usbcir - ok
11:18:05.0872 0420  [ F7FFDF2A1D19A76A87759126B244C816 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:18:05.0903 0420  usbehci - ok
11:18:05.0934 0420  [ 245FE7FC634D6A993E682E0A9EBA4ABB ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:18:05.0966 0420  usbhub - ok
11:18:05.0997 0420  [ C1A8966E0D09BFB501045105B30D86F2 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:18:06.0012 0420  usbohci - ok
11:18:06.0059 0420  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:18:06.0090 0420  usbprint - ok
11:18:06.0106 0420  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:18:06.0137 0420  USBSTOR - ok
11:18:06.0153 0420  [ 2E682DCE4319A90E02A327F8A427544A ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:18:06.0184 0420  usbuhci - ok
11:18:06.0215 0420  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:18:06.0246 0420  usbvideo - ok
11:18:06.0278 0420  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:18:06.0371 0420  UxSms - ok
11:18:06.0402 0420  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
11:18:06.0434 0420  VaultSvc - ok
11:18:06.0465 0420  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:18:06.0496 0420  vdrvroot - ok
11:18:06.0527 0420  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:18:06.0636 0420  vds - ok
11:18:06.0652 0420  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:18:06.0683 0420  vga - ok
11:18:06.0699 0420  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:18:06.0792 0420  VgaSave - ok
11:18:06.0824 0420  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:18:06.0855 0420  vhdmp - ok
11:18:06.0886 0420  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:18:06.0902 0420  viaide - ok
11:18:06.0948 0420  [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
11:18:06.0964 0420  vodafone_K3805-z_dc_enum - ok
11:18:06.0995 0420  [ 071E1B172D49154EE1D23A2ACC472EFB ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:18:07.0026 0420  volmgr - ok
11:18:07.0058 0420  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:18:07.0089 0420  volmgrx - ok
11:18:07.0120 0420  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:18:07.0151 0420  volsnap - ok
11:18:07.0182 0420  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:18:07.0214 0420  vsmraid - ok
11:18:07.0292 0420  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:18:07.0416 0420  VSS - ok
11:18:07.0432 0420  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:18:07.0479 0420  vwifibus - ok
11:18:07.0494 0420  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:18:07.0541 0420  vwififlt - ok
11:18:07.0572 0420  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:18:07.0619 0420  vwifimp - ok
11:18:07.0650 0420  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:18:07.0760 0420  W32Time - ok
11:18:07.0791 0420  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:18:07.0822 0420  WacomPen - ok
11:18:07.0853 0420  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:18:07.0947 0420  WANARP - ok
11:18:07.0962 0420  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:18:08.0056 0420  Wanarpv6 - ok
11:18:08.0134 0420  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:18:08.0196 0420  WatAdminSvc - ok
11:18:08.0274 0420  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:18:08.0352 0420  wbengine - ok
11:18:08.0384 0420  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:18:08.0430 0420  WbioSrvc - ok
11:18:08.0462 0420  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:18:08.0508 0420  wcncsvc - ok
11:18:08.0555 0420  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:18:08.0586 0420  WcsPlugInService - ok
11:18:08.0602 0420  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:18:08.0633 0420  Wd - ok
11:18:08.0680 0420  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:18:08.0742 0420  Wdf01000 - ok
11:18:08.0774 0420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:18:08.0820 0420  WdiServiceHost - ok
11:18:08.0836 0420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:18:08.0883 0420  WdiSystemHost - ok
11:18:08.0914 0420  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
11:18:08.0961 0420  WebClient - ok
11:18:08.0976 0420  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:18:09.0070 0420  Wecsvc - ok
11:18:09.0086 0420  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:18:09.0179 0420  wercplsupport - ok
11:18:09.0226 0420  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:18:09.0320 0420  WerSvc - ok
11:18:09.0351 0420  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:18:09.0429 0420  WfpLwf - ok
11:18:09.0460 0420  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:18:09.0491 0420  WIMMount - ok
11:18:09.0507 0420  WinDefend - ok
11:18:09.0522 0420  WinHttpAutoProxySvc - ok
11:18:09.0585 0420  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:18:09.0678 0420  Winmgmt - ok
11:18:09.0772 0420  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:18:09.0928 0420  WinRM - ok
11:18:10.0006 0420  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:18:10.0037 0420  WinUsb - ok
11:18:10.0084 0420  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:18:10.0162 0420  Wlansvc - ok
11:18:10.0224 0420  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:18:10.0240 0420  wlcrasvc - ok
11:18:10.0349 0420  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:18:10.0458 0420  wlidsvc - ok
11:18:10.0490 0420  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:18:10.0521 0420  WmiAcpi - ok
11:18:10.0552 0420  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:18:10.0583 0420  wmiApSrv - ok
11:18:10.0614 0420  WMPNetworkSvc - ok
11:18:10.0661 0420  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:18:10.0692 0420  WPCSvc - ok
11:18:10.0724 0420  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:18:10.0755 0420  WPDBusEnum - ok
11:18:10.0786 0420  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:18:10.0880 0420  ws2ifsl - ok
11:18:10.0895 0420  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
11:18:10.0942 0420  wscsvc - ok
11:18:10.0973 0420  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:18:11.0004 0420  WSDPrintDevice - ok
11:18:11.0020 0420  WSearch - ok
11:18:11.0114 0420  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:18:11.0238 0420  wuauserv - ok
11:18:11.0270 0420  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:18:11.0301 0420  WudfPf - ok
11:18:11.0332 0420  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:18:11.0363 0420  WUDFRd - ok
11:18:11.0379 0420  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:18:11.0410 0420  wudfsvc - ok
11:18:11.0441 0420  [ 04F82965C09CBDF646B487E145060301 ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:18:11.0472 0420  WwanSvc - ok
11:18:11.0519 0420  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
11:18:11.0566 0420  yukonw7 - ok
11:18:11.0644 0420  [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
11:18:11.0691 0420  ZeroConfigService - ok
11:18:11.0722 0420  ================ Scan global ===============================
11:18:11.0753 0420  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:18:11.0784 0420  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
11:18:11.0800 0420  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
11:18:11.0831 0420  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:18:11.0862 0420  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:18:11.0878 0420  [Global] - ok
11:18:11.0878 0420  ================ Scan MBR ==================================
11:18:11.0894 0420  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:18:13.0001 0420  \Device\Harddisk0\DR0 - ok
11:18:13.0001 0420  ================ Scan VBR ==================================
11:18:13.0017 0420  [ 4AEFA2A1F6DBE1D79B2F00A64981A6B6 ] \Device\Harddisk0\DR0\Partition1
11:18:13.0017 0420  \Device\Harddisk0\DR0\Partition1 - ok
11:18:13.0017 0420  ============================================================
11:18:13.0017 0420  Scan finished
11:18:13.0017 0420  ============================================================
11:18:13.0048 2496  Detected object count: 3
11:18:13.0048 2496  Actual detected object count: 3
11:19:33.0217 2496  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:33.0217 2496  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:19:33.0217 2496  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:33.0217 2496  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:19:33.0217 2496  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:33.0217 2496  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 04.04.2014, 10:33   #13
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen

Zitat:
Werden wir ihn weg kriegen?
Das hoffe ich doch sehr. Was du auf jeden Fall machen musst, ist nach dieser Bereinigung sämtliche Passwörter ändern.

Ich melde mich heute abend mit einer Fixlist wieder. Die wird etwas länger.

Alt 04.04.2014, 11:01   #14
Ohtarwen
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Zitat:
Das hoffe ich doch sehr.
Ich harre der Dinge, die da kommen werden. ;-)
An die Passwörter habe ich schon gedacht, alles klar, das mach ich dann.
Bis später!

Alt 04.04.2014, 20:25   #15
Bootsektor
Ruhe in Frieden
† 2019
 
Hesperbot nach Telebanking - Standard

Hesperbot nach Telebanking



Hallo Ohtarwen,

TDSS-Killer ist sauber, sehr schön.

Hast du denn jetzt noch Probleme mit dem Rechner?
Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
2014-04-03 15:27 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\icuf
2014-04-03 15:25 - 2014-04-03 15:25 - 00000000 ____D () C:\ProgramData\usjk
2014-04-03 15:25 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\kghd
2014-04-03 15:25 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\okew
2014-04-03 15:25 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ozet
2014-04-03 15:25 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\yjil
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\ynyp
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\oqup
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\objm
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\jjun
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\imif
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\exqr
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\equg
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\axaq
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\ProgramData\alan
2014-04-03 15:24 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\uznm
2014-04-03 15:24 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ujen
2014-04-03 15:24 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ufow
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ysab
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhyw
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhys
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\yhis
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\xlug
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\uwum
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ipaj
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\inyv
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\engx
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ejed
2014-04-03 15:23 - 2014-04-03 15:23 - 00000000 ____D () C:\ProgramData\ahiw
2014-04-03 15:23 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\epuq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\xluv
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\ufjh
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\olep
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\knaq
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\gmos
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\exuj
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\btaw
2014-04-03 15:22 - 2014-04-03 15:22 - 00000000 ____D () C:\ProgramData\agyx
2014-04-03 15:22 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ebum
2014-04-03 15:22 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\oqep
2014-04-03 15:22 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ozoc
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\yjyl
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\uron
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\owut
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\odpn
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ixaq
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\iril
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ipix
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ific
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\ProgramData\ekez
2014-04-03 15:21 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\owef
2014-04-03 15:21 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ozum
2014-04-03 15:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ejen
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yvid
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\yfim
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\uhut
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\rdox
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\oveg
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jxur
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\jjoj
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\ifyt
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\ProgramData\etow
2014-04-03 15:20 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ohuf
2014-04-03 15:20 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ehem
2014-04-03 15:20 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\udon
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\yktk
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ygix
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\ycik
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\upug
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\onex
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\oceb
2014-04-03 15:19 - 2014-04-03 15:19 - 00000000 ____D () C:\ProgramData\aziw
2014-04-03 15:19 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\asyw
2014-04-03 15:19 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\etus
2014-04-03 15:19 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ycym
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ywas
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uvov
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\usuk
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\uqep
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\obot
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\lmob
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\ikam
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\awtw
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\araq
2014-04-03 15:18 - 2014-04-03 15:18 - 00000000 ____D () C:\ProgramData\anap
2014-04-03 15:18 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\efos
2014-04-03 15:18 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\omow
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\vlep
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\uned
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\ipyj
2014-04-03 15:17 - 2014-04-03 15:17 - 00000000 ____D () C:\ProgramData\akyt
2014-04-03 15:17 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\axag
2014-04-03 15:17 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ykam
2014-04-03 15:17 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\izyw
2014-04-03 15:17 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\emeb
2014-04-03 15:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ipid
2014-04-03 15:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\axil
2014-04-03 15:17 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ylan
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\uwut
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\utgh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ufub
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ixav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idav
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\idal
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ekeh
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\ebek
2014-04-03 15:16 - 2014-04-03 15:16 - 00000000 ____D () C:\ProgramData\avir
2014-04-03 15:16 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ylyn
2014-04-03 15:16 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ecuw
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ylij
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ugqg
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\okoz
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ofuh
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\ifzc
2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\ProgramData\egep
2014-04-03 15:15 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ymaf
2014-04-03 15:15 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\ywaw
2014-04-03 15:15 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\adig
2014-04-03 15:15 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ifym
2014-04-03 15:15 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ymam
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\unun
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\otnh
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\ofoz
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azys
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\azah
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\awib
2014-04-03 15:14 - 2014-04-03 15:14 - 00000000 ____D () C:\ProgramData\asih
2014-04-03 15:14 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\lsom
2014-04-03 15:14 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ipij
2014-04-03 15:14 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\yxip
2014-04-03 15:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\upel
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\upol
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\ugov
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxun
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\oxor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\jnjn
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\hxil
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\enor
2014-04-03 15:13 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\bsbs
2014-04-03 15:13 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\orej
2014-04-03 15:13 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\ohef
2014-04-03 15:13 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\avaj
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ypin
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\otlb
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\oboc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\jfgs
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\idyq
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\ezjf
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\dwqc
2014-04-03 15:12 - 2014-04-03 15:12 - 00000000 ____D () C:\ProgramData\awih
2014-04-03 15:12 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\fral
2014-04-03 15:12 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ityk
2014-04-03 15:12 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ivix
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ydav
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\uvoq
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\qnex
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\pron
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\inig
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\erxr
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\ekew
2014-04-03 15:11 - 2014-04-03 15:11 - 00000000 ____D () C:\ProgramData\edur
2014-04-03 15:11 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\akzk
2014-04-03 15:11 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\odod
2014-04-03 15:11 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ykyf
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\yfyt
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulqp
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ulov
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\knal
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\isiw
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\ewec
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\apir
2014-04-03 15:10 - 2014-04-03 15:10 - 00000000 ____D () C:\ProgramData\agax
2014-04-03 15:10 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\yvan
2014-04-03 15:10 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\upop
2014-04-03 15:10 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\yfic
2014-04-03 15:10 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ehot
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ywyz
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ugug
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\opeg
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\ipyd
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\erjx
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\dbot
2014-04-03 15:09 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\akak
2014-04-03 15:09 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ujoj
2014-04-03 15:09 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\olev
2014-04-03 15:09 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\eduj
2014-04-03 15:09 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\inal
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\yfat
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ufeh
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ofeb
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\lsek
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\iqyr
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\ilbn
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\icyk
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adtv
2014-04-03 15:08 - 2014-04-03 15:08 - 00000000 ____D () C:\ProgramData\adfg
2014-04-03 15:08 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ylin
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yzsz
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ywiw
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\yril
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ypkx
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\ygan
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\udnd
2014-04-03 15:07 - 2014-04-03 15:07 - 00000000 ____D () C:\ProgramData\amim
2014-04-03 15:07 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ulug
2014-04-03 15:07 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\yjiv
2014-04-03 15:07 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ylad
2014-04-03 15:07 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\udun
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\ywiz
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\odor
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\iryv
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\edgd
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\akkf
2014-04-03 15:06 - 2014-04-03 15:06 - 00000000 ____D () C:\ProgramData\abaw
2014-04-03 15:06 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ygyj
2014-04-03 15:06 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\awaz
2014-04-03 15:06 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ydig
2014-04-03 15:06 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ikic
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uzuc
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\uror
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\umps
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\qwet
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\jjon
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ilad
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\ijiv
2014-04-03 15:05 - 2014-04-03 15:05 - 00000000 ____D () C:\ProgramData\anmv
2014-04-03 15:05 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\aryp
2014-04-03 15:05 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\afik
2014-04-03 15:05 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ecuh
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\uxoj
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\omuw
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\obum
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jlol
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\jkez
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\exux
2014-04-03 15:04 - 2014-04-03 15:04 - 00000000 ____D () C:\ProgramData\djud
2014-04-03 15:04 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ajig
2014-04-03 15:04 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ywah
2014-04-03 15:04 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\asib
2014-04-03 15:04 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ijyl
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ylaj
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\ykaf
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\uhum
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\osoc
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\egug
2014-04-03 15:03 - 2014-04-03 15:03 - 00000000 ____D () C:\ProgramData\aryg
2014-04-03 15:03 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\lzec
2014-04-03 15:03 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ufob
2014-04-03 15:03 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\egop
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\opjl
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\ndur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\kzas
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\iraq
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\erur
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\azyh
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asaw
2014-04-03 15:02 - 2014-04-03 15:02 - 00000000 ____D () C:\ProgramData\asas
2014-04-03 15:02 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\acac
2014-04-03 15:02 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ydip
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ywss
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\oqpp
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\okgw
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ogug
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ofow
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\jteb
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\izah
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\igar
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\ejqd
2014-04-03 15:01 - 2014-04-03 15:01 - 00000000 ____D () C:\ProgramData\egll
2014-04-03 15:01 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\zhis
2014-04-03 15:01 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\erox
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\uvuv
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ifyc
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\evop
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\esef
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ejon
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\ahys
2014-04-03 15:00 - 2014-04-03 15:00 - 00000000 ____D () C:\ProgramData\acyt
2014-04-03 15:00 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\icic
2014-04-03 15:00 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\egup
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ytat
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\ygij
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uvel
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uveg
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\uhok
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\udxr
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\oded
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\bcik
2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\awyw
2014-04-03 14:59 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\uxed
2014-04-03 14:59 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ydal
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ytyf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ycac
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\qzef
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ohjf
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\ivbx
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\dlog
2014-04-03 14:58 - 2014-04-03 14:58 - 00000000 ____D () C:\ProgramData\avmn
2014-04-03 14:58 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ojdn
2014-04-03 14:58 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\yrav
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\yfkk
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\pzoc
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\otos
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\hmim
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\epog
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\ebec
2014-04-03 14:57 - 2014-04-03 14:57 - 00000000 ____D () C:\ProgramData\avyj
2014-04-03 14:57 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\igij
2014-04-03 14:57 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ejoj
2014-04-03 14:57 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ohot
2014-04-03 14:57 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ijag
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ugog
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ivij
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\evel
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\emez
2014-04-03 14:56 - 2014-04-03 14:56 - 00000000 ____D () C:\ProgramData\ebrt
2014-04-03 14:56 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\esec
2014-04-03 14:56 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\amic
2014-04-03 14:56 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ylir
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\uruj
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\unpd
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\odox
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\obuf
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\izmw
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\enqn
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\azih
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\atif
2014-04-03 14:55 - 2014-04-03 14:55 - 00000000 ____D () C:\ProgramData\agar
2014-04-03 14:55 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\epoq
2014-04-03 14:55 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\upeg
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\ygax
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\itif
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\isib
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\imat
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\exen
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\emoh
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\aril
2014-04-03 14:54 - 2014-04-03 14:54 - 00000000 ____D () C:\ProgramData\afak
2014-04-03 14:54 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\uxod
2014-04-03 14:54 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ujor
2014-04-03 14:54 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\yqir
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\vsut
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ogov
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\icak
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\ezdc
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\agyj
2014-04-03 14:53 - 2014-04-03 14:53 - 00000000 ____D () C:\ProgramData\afyt
2014-04-03 14:53 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ofob
2014-04-03 14:53 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ydyq
2014-04-03 14:53 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\owok
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ymak
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\usek
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\uluv
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\smac
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ozjt
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\ilax
2014-04-03 14:52 - 2014-04-03 14:52 - 00000000 ____D () C:\ProgramData\igax
2014-04-03 14:52 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\hhyh
2014-04-03 14:52 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ahih
2014-04-03 14:52 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\utoz
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\wmit
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\utew
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\orun
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\oquv
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\jfus
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\ixiq
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\efqh
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\axal
2014-04-03 14:51 - 2014-04-03 14:51 - 00000000 ____D () C:\ProgramData\asys
2014-04-03 14:51 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\bxal
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\yzih
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\xklh
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\usef
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ozuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ijig
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\idip
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\esuk
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\ehuf
2014-04-03 14:50 - 2014-04-03 14:50 - 00000000 ____D () C:\ProgramData\agij
2014-04-03 14:50 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ujod
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ykwf
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otuw
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\otew
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\opul
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\ollg
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\isah
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\icam
2014-04-03 14:49 - 2014-04-03 14:49 - 00000000 ____D () C:\ProgramData\epep
2014-04-03 14:49 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\otow
2014-04-03 14:49 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ybyb
2014-04-03 14:49 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\evov
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yzah
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\yvyj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\tfit
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\shis
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ipin
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\ihyw
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\exoj
2014-04-03 14:48 - 2014-04-03 14:48 - 00000000 ____D () C:\ProgramData\chys
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\yxiq
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\ysyw
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\oxex
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\lzoc
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\iqyd
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\gcuz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\fwyz
2014-04-03 14:47 - 2014-04-03 14:47 - 00000000 ____D () C:\ProgramData\acif
2014-04-03 14:47 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ehuc
2014-04-03 14:47 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ewof
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\utub
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\upep
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\unox
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ubjm
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\oxej
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\omoz
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\ohuc
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\mqsd
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\isyh
2014-04-03 14:46 - 2014-04-03 14:46 - 00000000 ____D () C:\ProgramData\agyr
2014-04-03 14:46 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\fvir
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\yzas
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ynil
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\utak
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\urej
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\tcat
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ifim
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\ibaz
2014-04-03 14:45 - 2014-04-03 14:45 - 00000000 ____D () C:\ProgramData\asab
2014-04-03 14:45 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ajyq
2014-04-03 14:45 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ozof
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uqlq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\uguq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\olgq
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ihyb
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\hsiz
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ewoc
2014-04-03 14:44 - 2014-04-03 14:44 - 00000000 ____D () C:\ProgramData\ajip
2014-04-03 14:44 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\iftc
2014-04-03 14:44 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\atit
2014-04-03 14:44 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ifyf
2014-04-03 14:44 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\erux
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\ydyv
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\upuq
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\olul
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\okeb
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\esdt
2014-04-03 14:43 - 2014-04-03 14:43 - 00000000 ____D () C:\ProgramData\aqyj
2014-04-03 14:43 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\yntp
2014-04-03 14:43 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ihys
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ypij
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ygyx
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\owof
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\inyl
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\ewjm
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\etuh
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arkv
2014-04-03 14:42 - 2014-04-03 14:42 - 00000000 ____D () C:\ProgramData\arcg
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ykyc
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\yjag
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\uqpp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\orex
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\kfat
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\igmd
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ibah
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\epdp
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\enun
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 ____D () C:\ProgramData\ejod
2014-04-03 14:41 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\jder
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yxaq
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\yfif
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\ovlg
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nmuw
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\nboc
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\iqar
2014-04-03 14:40 - 2014-04-03 14:40 - 00000000 ____D () C:\ProgramData\afyf
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ydap
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ycyc
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ufuh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ubum
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\scit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\otoh
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\ogup
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\odur
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\icit
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\eqoq
2014-04-03 14:39 - 2014-04-03 14:39 - 00000000 ____D () C:\ProgramData\afaf
2014-04-03 14:39 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ohoc
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ynaq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ylyr
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\vdox
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\umos
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uloq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\uhec
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\sxiq
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\omob
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\iryg
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\ipyx
2014-04-03 14:38 - 2014-04-03 14:38 - 00000000 ____D () C:\ProgramData\anbl
2014-04-03 14:38 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ilsx
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\yxig
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\ykyk
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\upjl
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\twys
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\pgvq
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwyz
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\iwih
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\etub
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\emuw
2014-04-03 14:37 - 2014-04-03 14:37 - 00000000 ____D () C:\ProgramData\bdyl
2014-04-03 14:37 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ilyn
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\uwok
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\upul
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\owgk
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\otus
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ofeh
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\ekus
2014-04-03 14:36 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ikac
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ykim
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uxur
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\urjx
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uqol
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\unqn
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\uhoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\kbts
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ifit
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ezoc
2014-04-03 14:35 - 2014-04-03 14:35 - 00000000 ____D () C:\ProgramData\ewut
2014-04-03 14:35 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\yzyh
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ugup
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\udex
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\opeq
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\inyg
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ikak
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezrf
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ezom
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\edud
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\asyb
2014-04-03 14:34 - 2014-04-03 14:34 - 00000000 ____D () C:\ProgramData\ahib
2014-04-03 14:34 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\otqz
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\zvyj
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ytac
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opuq
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\opel
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ixag
2014-04-03 14:33 - 2014-04-03 14:33 - 00000000 ____D () C:\ProgramData\ahiz
2014-04-03 14:33 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\ackt
2014-04-03 14:33 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\afym
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\yrap
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\uwoc
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\iziz
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\imik
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\igyj
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\hxag
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\awab
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\arip
2014-04-03 14:32 - 2014-04-03 14:32 - 00000000 ____D () C:\ProgramData\adap
2014-04-03 14:32 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\awas
2014-04-03 14:32 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\uduj
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ubok
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\orux
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ohof
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ifaf
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\idzq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ecrs
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\ajiq
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\acik
2014-04-03 14:31 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\abih
2014-04-03 14:31 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ajag
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\wbyh
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ssss
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ojux
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\obok
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\lxvn
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\inyp
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\ihih
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afyc
2014-04-03 14:30 - 2014-04-03 14:30 - 00000000 ____D () C:\ProgramData\afac
2014-04-03 14:30 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\ewuk
2014-04-03 14:30 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\izis
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\yfyc
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xxon
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\xkes
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\vnpd
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\tbys
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\oxux
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\ewem
2014-04-03 14:29 - 2014-04-03 14:29 - 00000000 ____D () C:\ProgramData\aksc
2014-04-03 14:29 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\udjj
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydiq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ydcq
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\udur
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\ivmn
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\idiv
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\etoh
2014-04-03 14:28 - 2014-04-03 14:28 - 00000000 ____D () C:\ProgramData\amyc
2014-04-03 14:28 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\uhof
2014-04-03 14:28 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\icif
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\yhiw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\ybmw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\usot
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\mwaw
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\epop
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\aryq
2014-04-03 14:27 - 2014-04-03 14:27 - 00000000 ____D () C:\ProgramData\adyv
2014-04-03 14:27 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ebuk
2014-04-03 14:27 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\otez
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\yvax
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\uxdx
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\umes
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ohgt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\jhok
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ivsj
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ikmt
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\idyp
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\dwem
2014-04-03 14:26 - 2014-04-03 14:26 - 00000000 ____D () C:\ProgramData\ajsv
2014-04-03 14:26 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\ebuc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\uqeg
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\unex
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\udud
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\oqqv
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\izyz
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\iriq
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\imit
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\hcyc
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\edon
2014-04-03 14:25 - 2014-04-03 14:25 - 00000000 ____D () C:\ProgramData\afif
2014-04-03 14:25 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\eset
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\yziw
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\uxox
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\tlan
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ored
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\opug
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\ityf
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\epul
2014-04-03 14:24 - 2014-04-03 14:24 - 00000000 ____D () C:\ProgramData\eguq
2014-04-03 14:24 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\oleg
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\wjav
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\uhdm
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ovog
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ohrk
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ibts
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\anyp
2014-04-03 14:23 - 2014-04-03 14:23 - 00000000 ____D () C:\ProgramData\ajiv
2014-04-03 14:23 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\jfew
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\wnyl
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\unur
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\pdex
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\kzab
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\inip
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\eqeq
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\epug
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\atff
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\asis
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\ashh
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\ProgramData\adal
2014-04-03 14:22 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\erdd
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\uvop
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\unor
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\pren
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\orgj
2014-04-03 14:21 - 2014-04-03 14:21 - 00000000 ____D () C:\ProgramData\ahas
2014-04-03 14:21 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ebef
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ytaf
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\unoj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\tpaj
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\slir
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\jqug
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ikif
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\fhaw
2014-04-03 14:20 - 2014-04-03 14:20 - 00000000 ____D () C:\ProgramData\ahis
2014-04-03 14:20 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\otob
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sryp
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\sdyg
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\qzum
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\iwib
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ivwr
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilyx
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\ilix
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dxrd
2014-04-03 14:19 - 2014-04-03 14:19 - 00000000 ____D () C:\ProgramData\dmes
2014-04-03 14:19 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ppug
2014-04-03 14:19 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ygar
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\usok
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\upev
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ogol
2014-04-03 14:18 - 2014-04-03 14:18 - 00000000 ____D () C:\ProgramData\ofrz
2014-04-03 14:18 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\bjiv
2014-04-03 14:18 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\yqaj
2014-04-03 14:18 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ykat
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\upeq
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\tmac
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\pzdc
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ozef
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ojed
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\ksab
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\epov
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\eceh
2014-04-03 14:17 - 2014-04-03 14:17 - 00000000 ____D () C:\ProgramData\amyk
2014-04-03 14:17 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\okes
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ujux
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ojox
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\ilyr
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\efus
2014-04-03 14:16 - 2014-04-03 14:16 - 00000000 ____D () C:\ProgramData\alix
2014-04-03 14:16 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\iriv
2014-04-03 14:16 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ezuf
2014-04-03 14:16 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\epeg
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ynag
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ybis
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\vgoq
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ukez
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\udrr
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ucph
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ezrc
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ewed
2014-04-03 14:15 - 2014-04-03 14:15 - 00000000 ____D () C:\ProgramData\ebok
2014-04-03 14:15 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\eguv
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\yzis
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ysyb
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\ujrj
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\qfus
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\pkrh
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\orud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\exud
2014-04-03 14:14 - 2014-04-03 14:14 - 00000000 ____D () C:\ProgramData\awiz
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ypmj
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\wsaz
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ofew
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\ewek
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\evog
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\eprv
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\ProgramData\anyv
2014-04-03 14:13 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\iwab
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ywib
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ugel
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\shaw
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\rjej
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\ityt
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\epev
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\axyg
2014-04-03 14:12 - 2014-04-03 14:12 - 00000000 ____D () C:\ProgramData\aqix
2014-04-03 14:12 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\iwis
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\uzok
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ugeg
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\inhv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\ewef
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\dded
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\awzs
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aryv
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\ProgramData\aqad
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\skwf
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\oqop
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ojpx
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\idhg
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\fmkt
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\ezec
2014-04-03 14:10 - 2014-04-03 14:10 - 00000000 ____D () C:\ProgramData\elog
2014-04-03 14:10 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\uvol
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\otoz
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\oklh
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ofes
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ocos
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\icyt
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\ewum
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eveg
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\eloq
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\aqax
2014-04-03 14:09 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ylix
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ubom
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\ipir
2014-04-03 14:08 - 2014-04-03 14:08 - 00000000 ____D () C:\ProgramData\efjh
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Malwarebytes befindet sich ja schon auf deinem Rechner. Führe einen Suchlauf, wie unten beschrieben durch und poste mir das Ergebnis
Schritt 2
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language German aus.
  • Klicke auf Armaturenbrett und auf Jetzt aktualisieren, um die Datenbank zu updaten.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Antwort

Themen zu Hesperbot nach Telebanking
dropper, ellung, essen, essentials, hesperbot, home, home premium, nichts, phishing, premium, rechner, security, security essentials, systemwiederherstellung, telebanking, troja, trojandropper, versuch, windows, windows 7, windows 7 home, windows 7 home premium



Ähnliche Themen: Hesperbot nach Telebanking


  1. Audio im Stream nach kurzer Zeit weg. Nach Reset wieder da.
    Alles rund um Windows - 16.03.2016 (11)
  2. Problem bei Telebanking Raiffeisen ELBA - Login wird auf andere Seite umgeleitet.
    Log-Analyse und Auswertung - 15.09.2015 (19)
  3. Telebanking-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.09.2015 (28)
  4. Physikalischer Speicher nach Start bei 40% und nach längerer Benutzung bei über 85%
    Log-Analyse und Auswertung - 13.07.2015 (29)
  5. Virusalarm nach Besuch von Facebook (nach Klicken auf einen geteilten Beitrag)
    Plagegeister aller Art und deren Bekämpfung - 01.04.2015 (23)
  6. Probleme mit searchgol nach deltatoolbar nach installation von imgburn (Win8-x64-chrome)
    Log-Analyse und Auswertung - 31.10.2013 (29)
  7. Virus startet nach 10-15sec nach Kontoanmeldung, ( Taskkill.exe) Wird als Tarnname benutzt was nun?
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (29)
  8. Leerlaufprozess bei 95% trotzdem startet jede Anwendung erst nach 2 Min nach dem booten.
    Log-Analyse und Auswertung - 25.04.2013 (40)
  9. Nach starten des Browsers öffnet sich GVU-Trojaner (nach kinox.to Besuch)
    Log-Analyse und Auswertung - 03.03.2013 (2)
  10. Grauer Bildschirm nach dem Anmelden...Meldung: Nach Problemlösung im Internet suchen
    Log-Analyse und Auswertung - 22.06.2012 (1)
  11. Suche nach angepasstem Script nach Gema-Virus und weißen Bildschirm mit ...
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  12. Nach Anmeldung Schwarzer Bildschirm, bzw. Systemabsturz mit BSOD nach kurzer Zeit
    Log-Analyse und Auswertung - 25.04.2011 (11)
  13. Maus hängt nach nach Bereinigung mit Anti-Malware von Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (9)
  14. antivir findet trojaner nach download, ist mein pc sicher nach Dateilöschung
    Log-Analyse und Auswertung - 19.02.2010 (11)
  15. Xp startet 1min. nach Hochfahren neu, nach Neuinstall. Trojaner in System Ordner...
    Log-Analyse und Auswertung - 26.01.2010 (1)
  16. bitte nochmal draufschauen nach neuaufsetzen des systems nach kompromittierung
    Log-Analyse und Auswertung - 20.10.2005 (1)
  17. Problem nach Deaktivierung von Diensten unter XP(Internet-einwahl erst nach 2 Minuten
    Alles rund um Windows - 13.11.2003 (4)

Zum Thema Hesperbot nach Telebanking - Hallo und grüß' euch! Ich habe hier einen Rechner mit Windows 7 Home Premium, 64 Bit-Version. Security Essentials findet "TrojanDropper:Win32/Hesperbot.B" Eine Systemwiederherstellung machen lässt er mich nicht. Sonst habe ich - Hesperbot nach Telebanking...
Archiv
Du betrachtest: Hesperbot nach Telebanking auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.