Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.03.2013, 10:25   #1
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Liebe PC-Freunde!

Ich habe einen Quick-Scan mit Malwarebytes Anti-Malware durchgeführt und folgende Logdatei vorliegen:


Malwarebytes Anti-Malware (Test) 1.70.0.1100

Datenbank Version: v2013.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [Administrator]

Schutz: Aktiviert

19.03.2013 11:19:09
MBAM-log-2013-03-19 (11-22-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204520
Laufzeit: 2 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 9
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\csrss.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\svchost.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\csrss.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\svchost.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> Keine Aktion durchgeführt.
C:\Users\Daniel\AppData\Roaming\rundll32.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.
C:\Users\Daniel\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Daniel\AppData\Roaming\System32\rundll32.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)


Leider kann ich mit den Meldungen nicht viel anfangen. Ich würde mich freuen, wenn mir hier ein Experte weiterhilft. Vielen Dank.


HAL6996 ( ° )

Alt 19.03.2013, 14:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 19.03.2013, 20:23   #3
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Erstmal vielen Dank cosinus! Sonst sind keine weiteren Logs vorhanden. Was denkst Du? Aussichtsloser Fall? Hier nochmal der aktuelle Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [Administrator]

Schutz: Aktiviert

19.03.2013 21:20:18
MBAM-log-2013-03-19 (21-22-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201231
Laufzeit: 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 9
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\csrss.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\svchost.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\csrss.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Roaming\svchost.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Vielen Dank!


HAL6996 ( ° )

Moin Supporters!

Ich möchte jetzt nochmal ein Scan von dds+ nachreichen:

Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.17.2
Run by HAL9000 at 10:01:50 on 2013-03-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4061.2222 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Secure Banking\SecureBanking.exe
C:\Program Files (x86)\Secure Banking\sbservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindows: Load = C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mExplorerRun: [64428] c:\progra~3\dxoidaj.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab
TCP: NameServer = 83.169.184.33 192.168.0.1
TCP: Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA} : DHCPNameServer = 83.169.184.33 192.168.0.1
TCP: Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6} : DHCPNameServer = 83.169.184.33 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 40872330;40872330;C:\Windows\System32\drivers\40872330.sys [2013-3-19 460888]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-10 17720]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-2-26 11576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-19 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe [2013-3-19 398184]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Anti-Malware\mbamservice.exe [2013-3-19 682344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-03-20 08:35:13	9162192	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13769F17-98A1-4E31-A7DD-2F68DFED6773}\mpengine.dll
2013-03-19 23:48:55	--------	d-----w-	C:\Program Files (x86)\Secure Banking
2013-03-19 21:23:54	460888	----a-w-	C:\Windows\System32\drivers\40872330.sys
2013-03-19 09:42:57	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2013-03-19 08:54:03	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-03-19 08:53:50	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-03-19 08:53:49	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-03-19 08:53:49	--------	d-----w-	C:\Program Files (x86)\Anti-Malware
2013-03-19 08:49:42	--------	d-----w-	C:\Users\Daniel\AppData\Local\Programs
2013-03-18 19:26:11	--------	d-sh--r-	C:\Users\Daniel\AppData\Roaming\System32
2013-03-18 10:39:02	283330	----a-w-	C:\ProgramData\1363603086.bdinstall.bin
2013-03-18 10:39:02	--------	d-----w-	C:\Program Files\Bitdefender
2013-03-18 10:37:58	--------	d-----w-	C:\Program Files\Common Files\Bitdefender
2013-03-18 10:31:40	861088	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-03-18 10:31:31	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-18 09:36:20	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\QuickScan
2013-03-18 09:34:02	--------	d-----w-	C:\Program Files\NVIDIA Corporation
2013-03-17 14:15:38	--------	d-----w-	C:\Users\Daniel\AppData\Local\http___www.julien-manici
2013-03-17 10:05:05	--------	d-----w-	C:\Users\Daniel\AppData\Local\Spotify
2013-03-17 10:04:45	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\Spotify
2013-03-12 22:21:21	--------	d-----w-	C:\Windows\ehome
2013-03-12 21:57:30	22784	----a-w-	C:\Windows\SysWow64\drivers\afc.sys
2013-03-12 21:49:07	28672	----a-w-	C:\Windows\System32\AF15BDAEX.dll
2013-03-12 21:49:07	126	----a-w-	C:\Windows\System32\AF15IRTBL.bin
2013-03-12 21:49:03	507392	----a-w-	C:\Windows\System32\drivers\AF15BDA.sys
2013-03-10 15:33:46	32600	----a-w-	C:\Windows\System32\SmartDefragBootTime.exe
2013-03-10 15:33:36	--------	d-----w-	C:\ProgramData\IObit
2013-03-10 15:33:20	17720	----a-w-	C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-03-10 15:33:20	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\IObit
2013-03-10 15:33:19	--------	d-----w-	C:\Program Files (x86)\IObit
2013-03-09 14:07:28	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\OpenOffice.org
2013-03-09 14:05:56	--------	d-----w-	C:\Program Files (x86)\OpenOffice.org 3
2013-03-09 11:39:01	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2013-03-09 11:24:23	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\DL
2013-03-09 11:23:58	--------	d-----w-	C:\Users\Daniel\.Zettelkasten
2013-03-09 10:32:10	163056	----a-w-	C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-03-08 17:00:00	--------	d-----w-	C:\Users\Daniel\AppData\Local\Thunderbird
2013-03-08 16:49:25	--------	d-----r-	C:\Program Files (x86)\Skype
2013-03-08 10:38:52	--------	d-----w-	C:\Users\Daniel\AppData\Roaming\WindSolutions
2013-03-08 10:38:52	--------	d-----w-	C:\ProgramData\WindSolutions
2013-03-08 02:07:24	--------	d-----w-	C:\Program Files\CCleaner
2013-03-08 01:47:22	2776576	----a-w-	C:\Windows\System32\msmpeg2vdec.dll
2013-03-08 01:46:38	458712	----a-w-	C:\Windows\System32\drivers\cng.sys
2013-03-08 01:46:38	340992	----a-w-	C:\Windows\System32\schannel.dll
2013-03-08 01:46:38	247808	----a-w-	C:\Windows\SysWow64\schannel.dll
2013-03-08 01:46:37	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2013-03-08 01:46:37	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2013-03-08 01:46:37	366592	----a-w-	C:\Windows\System32\qdvd.dll
2013-03-08 01:46:37	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2013-03-08 01:46:37	154480	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2013-03-08 01:46:37	1448448	----a-w-	C:\Windows\System32\lsasrv.dll
2013-03-08 00:30:09	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2013-03-08 00:30:09	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2013-03-08 00:30:09	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2013-03-08 00:30:09	2560	----a-w-	C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-03-08 00:27:50	2851840	----a-w-	C:\Windows\System32\themeui.dll.backup
2013-03-08 00:27:49	44544	----a-w-	C:\Windows\System32\themeservice.dll.backup
2013-03-08 00:27:48	332288	----a-w-	C:\Windows\System32\uxtheme.dll.backup
2013-03-08 00:24:52	996352	----a-w-	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24:52	768000	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24:25	--------	d-----w-	C:\Windows\System32\appmgmt
2013-03-08 00:15:56	46080	----a-w-	C:\Windows\System32\atmlib.dll
2013-03-08 00:15:56	367616	----a-w-	C:\Windows\System32\atmfd.dll
2013-03-08 00:15:56	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2013-03-08 00:15:56	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2013-03-08 00:15:12	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2013-03-08 00:15:12	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2013-03-08 00:15:12	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2013-03-08 00:15:12	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2013-03-08 00:15:11	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2013-03-08 00:15:11	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2013-03-08 00:15:11	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2013-03-08 00:09:39	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-03-08 00:08:29	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2013-03-08 00:08:29	220160	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2013-03-08 00:03:11	691568	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 23:29:11	5553512	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-03-07 23:29:09	3967848	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-07 23:29:09	3913064	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-03-07 23:29:07	1659760	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-03-07 23:29:06	750592	----a-w-	C:\Windows\System32\win32spl.dll
2013-03-07 23:29:05	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2013-03-07 23:27:59	1464320	----a-w-	C:\Windows\System32\crypt32.dll
2013-03-07 23:27:58	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-03-07 23:27:58	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-03-07 23:27:58	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2013-03-07 23:27:58	1159680	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-03-07 23:27:58	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M  ====================
.
2013-03-18 10:31:24	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-03-08 00:28:02	2755072	----a-w-	C:\Windows\SysWow64\themeui.dll.tmp
2013-03-08 00:28:01	245760	----a-w-	C:\Windows\SysWow64\uxtheme.dll.tmp
2013-03-08 00:27:50	2851840	----a-w-	C:\Windows\System32\themeui.dll
2013-03-08 00:27:49	44544	----a-w-	C:\Windows\System32\themeservice.dll
2013-03-08 00:27:48	332288	----a-w-	C:\Windows\System32\uxtheme.dll
2013-03-08 00:03:11	71024	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 08:22:18	31080	----a-w-	C:\Windows\System32\nvhdap64.dll
2013-02-18 08:22:18	1472360	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 08:22:16	72552	----a-w-	C:\Windows\System32\nvapo64v.dll
2013-02-18 08:22:16	189288	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2013-01-17 00:28:58	273840	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02	2560	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42	10752	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21	4096	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31	9728	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31	2560	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18	10752	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07	3584	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48	4096	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22	1988096	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31	293376	----a-w-	C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00	249856	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43	220160	----a-w-	C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35	1504768	----a-w-	C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04	1643520	----a-w-	C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28	1175552	----a-w-	C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01	604160	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58	207872	----a-w-	C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14	187392	----a-w-	C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30	2565120	----a-w-	C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17	363008	----a-w-	C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25	1080832	----a-w-	C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39	333312	----a-w-	C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32	1887232	----a-w-	C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21	296960	----a-w-	C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57	3419136	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04	245248	----a-w-	C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33	648192	----a-w-	C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30	221184	----a-w-	C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42	194560	----a-w-	C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04	1238528	----a-w-	C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36	3928064	----a-w-	C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58	364544	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43	465920	----a-w-	C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52	522752	----a-w-	C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42	1158144	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09	1682432	----a-w-	C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03	1392128	----a-w-	C:\Windows\System32\wininet.dll
2013-01-09 01:11:06	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47	599040	----a-w-	C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21	2284544	----a-w-	C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46:09	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54	1913192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42	288088	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 10:02:13,49 ===============
         

Vielen Dank!


HAL6996 ( ° )

Scan adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 20/03/2013 um 10:14:50 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HAL9000 - HAL9000
# Bootmodus : Normal
# Ausgeführt unter : D:\Download\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\END

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v9.0.1 (de)

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3019 octets] - [20/03/2013 10:14:50]

########## EOF - C:\AdwCleaner[R1].txt - [3079 octets] ##########
         
eset:

Code:
ATTFilter
C:\ProgramData\dxoidaj.exe	a variant of Win32/Kryptik.AXAC trojan
C:\Users\All Users\dxoidaj.exe	a variant of Win32/Kryptik.AXAC trojan
         
__________________

Alt 20.03.2013, 12:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Zitat:
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2222 [GMT 1:00]
Warum bitte eine Ultimate-Edition für Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.03.2013, 21:33   #5
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Hallo cosinus! Zuvorderst vielen Dank für deine Unterstützung, ich weiß es wirklich zu schätzen und werde mich hüten irgendwas zu verlangen. Also, jetzt immer der Reihe nach. Ich habe diesen Rechner von meinem Cousin übernommen, der brauchte tatsächlich eine Ultimate Version. Sollte ich zurückstufen? Was hätte ich zu verlieren? Bevor ich jetzt gleich den ersten Log von OTL poste, noch dies hier. Bei der Untersuchung ist mir aufgefallen, dass in der Auswahl zur Standard-Registrierung die Kennzeichnung von Safe-List zu Alles gewechselt wurde. Ich hatte meine Hände aber nicht am Rechner. Du siehst, ich habe keine Ahnung.

Es geht los:

OTL log

Code:
ATTFilter
OTL logfile created on: 20.03.2013 21:59:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,77% Memory free
7,93 Gb Paging File | 6,43 Gb Available in Paging File | 81,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 98,74 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 112,64 Gb Free Space | 80,17% Space Free | Partition Type: NTFS
 
Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\Computer\Tuning\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll ()
MOD - C:\Program Files (x86)\Secure Banking\funcs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (40872330) -- C:\Windows\SysNative\drivers\40872330.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 31 9F C2 0E 0B CD 01  [binary data]
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gaxpaxita.info"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 00:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 11:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.08 20:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.03 12:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.04.08 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions
[2013.03.08 12:46:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.12.21 08:50:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Turn Off the Lights = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: WOT = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.10_0\
CHR - Extension: Adblock Plus = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Black Pearl = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglhhfbbgbkoehdmbkcpgccbialcecac\2.1_0\
CHR - Extension: dict-cc = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001..\Run: [paquqnuvycem] C:\Users\Daniel\paquqnuvycem.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:64bit: - HKU\S-1-5-21-687046182-1720888418-2620476028-1001 WinNT: Load - (C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com) -  File not found
F3 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001 WinNT: Load - (C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64428 = c:\progra~3\dxoidaj.exe (Unjibafe. Lymen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA}: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6}: DhcpNameServer = 83.169.184.33 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.20 10:01:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.20 09:27:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.20 09:27:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.20 09:27:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.20 09:27:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.20 09:27:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.20 09:27:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.20 09:27:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.20 09:27:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.20 09:27:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.20 09:27:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.20 09:27:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.20 09:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.20 09:27:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.20 09:27:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.20 09:27:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013.03.19 22:23:54 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\40872330.sys
[2013.03.19 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.19 09:54:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Malware
[2013.03.19 09:53:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2013.03.19 09:49:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2013.03.18 20:26:11 | 000,000,000 | RHSD | C] -- C:\Users\Daniel\AppData\Roaming\System32
[2013.03.18 11:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.03.18 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.03.18 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.18 11:31:40 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 10:36:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\QuickScan
[2013.03.18 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.17 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\http___www.julien-manici
[2013.03.17 11:05:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2013.03.17 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2013.03.12 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft
[2013.03.12 22:57:30 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2013.03.12 22:49:07 | 000,028,672 | ---- | C] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,507,392 | ---- | C] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.11 11:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013.03.10 23:53:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Local Settings
[2013.03.10 16:33:46 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013.03.10 16:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\IObit
[2013.03.10 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.03.10 16:14:45 | 000,000,000 | R--D | C] -- C:\Users\Daniel\Documents\Scanned Documents
[2013.03.10 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Fax
[2013.03.09 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013.03.09 15:06:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.03.09 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.03.09 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\dvdcss
[2013.03.09 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc
[2013.03.09 12:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.03.09 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DL
[2013.03.09 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.Zettelkasten
[2013.03.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2013.03.08 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Skype
[2013.03.08 17:49:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.08 17:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.03.08 03:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.08 02:49:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.08 02:49:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.08 02:49:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.08 02:49:30 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.03.08 02:49:30 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.03.08 02:49:30 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.03.08 02:49:30 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.03.08 02:49:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.03.08 02:49:30 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.03.08 02:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.03.08 02:49:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.08 02:49:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.03.08 02:49:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.03.08 02:49:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.03.08 02:49:29 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.08 02:49:29 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.03.08 02:49:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.03.08 02:49:28 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.08 02:47:22 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.08 02:47:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.08 02:47:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.08 02:47:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.08 02:47:09 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.08 02:47:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.08 02:47:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.08 02:47:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.08 02:47:07 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.08 02:47:07 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.08 02:47:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.08 02:47:07 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.08 02:47:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.08 02:47:07 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.08 02:47:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.08 02:47:06 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.08 02:47:06 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.08 02:46:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.03.08 02:46:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.03.08 02:46:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.03.08 01:31:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.08 01:30:09 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.03.08 01:30:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.03.08 01:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack
[2013.03.08 01:28:33 | 006,676,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2013.03.08 01:28:33 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.08 01:28:32 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2013.03.08 01:28:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013.03.08 01:28:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.08 01:28:27 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagesp1.dll
[2013.03.08 01:28:12 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll
[2013.03.08 01:28:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2013.03.08 01:28:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2013.03.08 01:28:09 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2013.03.08 01:28:09 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013.03.08 01:28:06 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2013.03.08 01:28:01 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2013.03.08 01:27:50 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2013.03.08 01:27:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.08 01:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.08 01:15:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.03.08 01:15:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.03.08 01:15:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.03.08 01:15:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.03.08 01:15:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.03.08 01:15:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.03.08 01:15:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.03.08 01:15:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.03.08 01:09:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.03.08 01:09:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.03.08 01:09:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.08 01:09:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.03.08 01:09:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.03.08 01:08:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.03.08 01:07:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.03.08 01:07:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.03.08 01:07:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.03.08 01:07:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.03.08 01:07:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.03.08 01:07:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.03.08 01:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.03.08 01:07:37 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.03.08 01:07:13 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.03.08 01:07:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.03.08 01:03:11 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 00:29:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.08 00:29:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.08 00:29:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.08 00:29:06 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.08 00:29:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.03.08 00:28:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.03.08 00:28:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.03.08 00:28:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.03.08 00:28:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.03.08 00:28:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.03.08 00:28:40 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.03.08 00:28:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.03.08 00:28:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.03.08 00:28:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.03.08 00:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.03.08 00:28:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.03.08 00:28:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.03.08 00:28:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.03.08 00:28:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.03.08 00:28:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.03.08 00:28:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.03.08 00:28:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.03.08 00:28:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.03.08 00:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.03.08 00:28:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.03.08 00:28:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.03.08 00:28:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.03.08 00:28:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.03.08 00:28:04 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.03.08 00:28:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.03.08 00:27:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.03.08 00:27:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.01.24 17:36:25 | 000,055,296 | -HS- | C] (Unjibafe. Lymen) -- C:\ProgramData\dxoidaj.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.20 21:52:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 21:52:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 21:47:41 | 000,042,496 | -HS- | M] () -- C:\Users\Daniel\paquqnuvycem.exe
[2013.03.20 21:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.20 21:47:06 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.20 12:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.20 12:10:54 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 11:39:02 | 000,283,330 | ---- | M] () -- C:\ProgramData\1363603086.bdinstall.bin
[2013.03.18 11:31:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.18 11:31:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.18 11:31:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.17 15:02:21 | 000,000,017 | ---- | M] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.12 22:49:03 | 000,507,392 | ---- | M] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.12 22:49:03 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.11 00:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 04:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 02:17:28 | 000,609,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.08 02:17:28 | 000,113,108 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.08 01:32:15 | 001,456,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.08 01:32:15 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.08 01:32:15 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 01:27:50 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2013.03.08 01:27:48 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.08 01:03:11 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 01:03:11 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.08 00:54:05 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.20 21:47:41 | 000,042,496 | -HS- | C] () -- C:\Users\Daniel\paquqnuvycem.exe
[2013.03.20 12:10:43 | 000,294,168 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 11:39:02 | 000,283,330 | ---- | C] () -- C:\ProgramData\1363603086.bdinstall.bin
[2013.03.17 15:02:21 | 000,000,017 | ---- | C] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.17 11:05:04 | 000,001,803 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.03.12 23:22:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.12 23:22:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.03.12 22:49:07 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.12 12:46:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.03.10 16:33:20 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013.03.08 04:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 01:30:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.08 01:15:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.08 00:54:04 | 000,000,000 | ---- | C] () -- C:\END
[2012.04.08 18:27:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.03 10:28:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.01.03 10:28:18 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.01.03 10:28:18 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.01.03 10:28:18 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.09 12:24:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DL
[2013.03.08 00:11:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2012.02.19 16:43:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\elsterformular
[2013.03.08 12:46:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
[2013.03.10 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IObit
[2012.01.31 07:25:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Juniper Networks
[2013.03.09 15:07:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013.03.18 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\QuickScan
[2013.03.20 02:57:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2013.03.19 11:52:12 | 000,000,000 | RHSD | M] -- C:\Users\Daniel\AppData\Roaming\System32
[2013.03.08 12:46:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\temp
[2013.03.08 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2013.03.08 11:54:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
         

Und jetzt:


OTL Extras log

Code:
ATTFilter
OTL Extras logfile created on: 20.03.2013 21:59:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,77% Memory free
7,93 Gb Paging File | 6,43 Gb Available in Paging File | 81,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 98,74 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 112,64 Gb Free Space | 80,17% Space Free | Partition Type: NTFS
 
Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"Client Server Runtime Process" = C:\Users\Daniel\AppData\Roaming\csrss.exe
"Host-process Windows (Rundll32.exe)" = C:\Users\Daniel\AppData\Roaming\System32\csrss.exe
"Service Host Process for Windows" = C:\Users\Daniel\AppData\Roaming\svchost.exe
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"Client Server Runtime Process" = C:\Users\Daniel\AppData\Roaming\csrss.exe
"Host-process Windows (Rundll32.exe)" = C:\Users\Daniel\AppData\Roaming\System32\csrss.exe
"Service Host Process for Windows" = C:\Users\Daniel\AppData\Roaming\svchost.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F1F336-2164-4BF9-8C57-DAB2F11DAC47}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1EB91935-125C-46EC-884A-529B2FECE6A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{229CBD36-CE23-42D8-B6D9-14BA33142994}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2B3D3788-BA22-4991-9672-4669335681DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CE32EE3-E513-42A4-A790-AA2478531AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3151EE3C-596E-4AA2-9326-BC73C5D55AA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4154ED35-7192-4C39-B200-123198CFB6C3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4E3A3B61-6BD5-4280-AB92-309338E401D0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5CEB46D1-019D-4383-8A95-613D288A140D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{975E078C-DDE4-467A-B810-9C22866E896C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{989BE328-ADD3-4BAF-A49D-EFA9F5C0DA82}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A4FBF019-94D4-46D3-AFC1-AC45488080CF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CE9D86BF-10F2-4BF8-8077-DC2193D8B4D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2C1F1C6-A2A8-48C8-98B8-AA22775856C1}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1096DA61-F62E-489A-8557-2BF968E27C0E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{13ED6BDC-D1F1-49CA-B1AA-3A75D2E1BF6E}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"{1E48F5F6-2CB3-4905-BB4E-DDAA12F4A892}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20BB4051-E609-4726-9069-0C0A8904197C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2A26F4D2-AD2E-44E6-B346-BEB2D67ABF95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{42322D87-2323-4844-84F6-B9D6B158B3B7}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"{6DABCCA8-503F-463E-97F7-E4F6236E55A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{89AB9E77-09DB-4288-8D28-BA13DE06361A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{95F5A242-1CC9-48C0-9827-E39BC29705AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B87400B3-A78C-4390-8D2E-21715E1A37A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BA7A2C6B-85C0-4018-809F-8DC317C4BEAC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C2346906-6DB2-4A7D-9A9B-EC4C2C9703DA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D41DDF41-7404-42F3-A816-36852696CDFF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{52410123-368B-4A96-85DF-F0751C05E0B4}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"UDP Query User{AB813D77-B3DF-4557-A510-4FDBD8257F59}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"Smart Defrag 2_is1" = Smart Defrag 2
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2013 03:40:54 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 14.03.2013 16:19:21 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 14.03.2013 16:35:46 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.03.2013 20:23:54 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 15.03.2013 04:24:59 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 15.03.2013 17:13:33 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 15.03.2013 17:56:28 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.03.2013 04:31:51 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 16.03.2013 05:12:26 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.03.2013 11:43:58 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
[ Media Center Events ]
Error - 12.03.2013 18:45:28 | Computer Name = HAL9000 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) AF9015 BDA
 Filter
 
Error - 12.03.2013 20:14:02 | Computer Name = HAL9000 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) AF9015 BDA
 Filter
 
[ System Events ]
Error - 17.03.2013 00:30:49 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 17.03.2013 00:30:50 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 17.03.2013 05:48:28 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 17.03.2013 05:48:29 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 18.03.2013 05:20:26 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 18.03.2013 05:20:29 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 19.03.2013 04:40:57 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 19.03.2013 04:40:58 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 19.03.2013 06:05:37 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 19.03.2013 06:05:40 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
 
< End of report >
         




HAL6996 ( ° )


Alt 20.03.2013, 22:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Nein ich wollte nur wissen warum du eine Ultimate Edition hast, die sind nämlich teurer und idr werden die nur sehr selten benötigt

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei

Alt 20.03.2013, 23:38   #7
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Vielen Dank cosinus! Hier die nächsten Logs:

GMER

Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-20 23:35:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: xovmr9vs.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\fwtdipoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection    0000000077befc30 5 bytes JMP 000000007efa1f1f
.text   C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection  0000000077befc60 5 bytes JMP 000000007efa1fc4
.text   C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW         0000000076584889 5 bytes JMP 000000007efa1870

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\msiexec.exe [2428:2448]                                               000000007efa3104
Thread  C:\Windows\SysWOW64\msiexec.exe [2428:2452]                                               000000007efa32ca
Thread  C:\Windows\SysWOW64\svchost.exe [2760:2768]                                               000000007efa33df
Thread  C:\Windows\SysWOW64\svchost.exe [2760:2772]                                               000000007efa36d8

---- EOF - GMER 2.1 ----
         

MBAR ist nach 1. Scan bei Wiederherstellungspunkt - ich hatte das Häkchen drin gelassen - eingefroren

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

20.03.2013 23:51:40
mbar-log-2013-03-20 (23-51-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28790
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|paquqnuvycem (Trojan.Ransom.Gen) -> Data: C:\Users\Daniel\paquqnuvycem.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Daniel\paquqnuvycem.exe (Trojan.Ransom.Gen) -> Delete on reboot.
c:\Users\Daniel\AppData\Local\Temp\1347354608.exe (Trojan.Ransom.Gen) -> Delete on reboot.

(end)
         

2. Scan beim runterfahren aufgehangen

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

21.03.2013 00:05:25
mbar-log-2013-03-21 (00-05-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28791
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|paquqnuvycem (Trojan.Ransom.Gen) -> Data: C:\Users\Daniel\paquqnuvycem.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Daniel\paquqnuvycem.exe (Trojan.Ransom.Gen) -> Delete on reboot.
c:\Users\Daniel\AppData\Local\Temp\1347354608.exe (Trojan.Ransom.Gen) -> Delete on reboot.

(end)
         
Scan Nr. 3 war sauber

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

21.03.2013 00:26:22
mbar-log-2013-03-21 (00-26-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28698
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


HAL6996 ( ° )

Alt 21.03.2013, 09:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2013, 10:02   #9
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Hallo cosinus!

Logfile aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-21 10:35:35
-----------------------------
10:35:35.978    OS Version: Windows x64 6.1.7601 Service Pack 1
10:35:35.979    Number of processors: 2 586 0x170A
10:35:35.979    ComputerName: HAL9000  UserName: HAL9000
10:35:36.473    Initialize success
10:38:05.075    AVAST engine defs: 13032001
10:38:22.317    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:38:22.321    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
10:38:22.481    Disk 0 MBR read successfully
10:38:22.485    Disk 0 MBR scan
10:38:22.491    Disk 0 Windows 7 default MBR code
10:38:22.506    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
10:38:22.528    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147501 MB offset 20973568
10:38:22.555    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       143872 MB offset 323055616
10:38:22.587    Disk 0 Partition 4 00     12  Compaq diag NTFS         3630 MB offset 617705472
10:38:22.641    Disk 0 scanning C:\Windows\system32\drivers
10:38:33.266    Service scanning
10:38:55.444    Modules scanning
10:38:55.458    Disk 0 trace - called modules:
10:38:55.523    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
10:38:55.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057d8790]
10:38:55.561    3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8003cf3e40]
10:38:55.578    5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004704050]
10:38:56.592    AVAST engine scan C:\Windows
10:38:58.467    AVAST engine scan C:\Windows\system32
10:41:34.451    AVAST engine scan C:\Windows\system32\drivers
10:41:46.413    AVAST engine scan C:\Users\Daniel
10:44:12.221    AVAST engine scan C:\ProgramData
10:44:29.665    Scan finished successfully
10:52:06.715    Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
10:52:06.721    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
         

TDSKILLER > 1 Threat found > medium risk

Unsigned File
Service: Theme
File: C:\Windows\system32\themeservice.dll



HAL6996 ( ° )

Alt 21.03.2013, 10:23   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Die Logs bitte immer vollständig posten, solche eigenen Zusammenfassungen sind unnütz
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2013, 20:15   #11
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Hallo cosinus! Habe den Log an der falschen Stelle gesucht. Totaler Anfängerfehler, ich entschuldige mich. Jetzt aber!

TDSSKiller Log

Code:
ATTFilter
21:09:22.0813 2828  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:22.0908 2828  ============================================================
21:09:22.0908 2828  Current date / time: 2013/03/21 21:09:22.0908
21:09:22.0908 2828  SystemInfo:
21:09:22.0908 2828  
21:09:22.0908 2828  OS Version: 6.1.7601 ServicePack: 1.0
21:09:22.0908 2828  Product type: Workstation
21:09:22.0908 2828  ComputerName: HAL9000
21:09:22.0909 2828  UserName: HAL9000
21:09:22.0909 2828  Windows directory: C:\Windows
21:09:22.0909 2828  System windows directory: C:\Windows
21:09:22.0909 2828  Running under WOW64
21:09:22.0909 2828  Processor architecture: Intel x64
21:09:22.0909 2828  Number of processors: 2
21:09:22.0909 2828  Page size: 0x1000
21:09:22.0909 2828  Boot type: Normal boot
21:09:22.0909 2828  ============================================================
21:09:23.0479 2828  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:23.0489 2828  ============================================================
21:09:23.0489 2828  \Device\Harddisk0\DR0:
21:09:23.0489 2828  MBR partitions:
21:09:23.0489 2828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
21:09:23.0489 2828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
21:09:23.0489 2828  ============================================================
21:09:23.0520 2828  C: <-> \Device\Harddisk0\DR0\Partition1
21:09:23.0556 2828  D: <-> \Device\Harddisk0\DR0\Partition2
21:09:23.0556 2828  ============================================================
21:09:23.0557 2828  Initialize success
21:09:23.0557 2828  ============================================================
21:09:32.0376 2720  ============================================================
21:09:32.0376 2720  Scan started
21:09:32.0376 2720  Mode: Manual; SigCheck; TDLFS; 
21:09:32.0376 2720  ============================================================
21:09:32.0654 2720  ================ Scan system memory ========================
21:09:32.0654 2720  System memory - ok
21:09:32.0654 2720  ================ Scan services =============================
21:09:32.0853 2720  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:09:33.0015 2720  1394ohci - ok
21:09:33.0092 2720  [ E656FE10D6D27794AFA08136685A69E8 ] 40872330        C:\Windows\system32\DRIVERS\40872330.sys
21:09:33.0155 2720  40872330 - ok
21:09:33.0211 2720  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:09:33.0241 2720  ACPI - ok
21:09:33.0284 2720  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:09:33.0357 2720  AcpiPmi - ok
21:09:33.0491 2720  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:33.0513 2720  AdobeARMservice - ok
21:09:33.0571 2720  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:09:33.0617 2720  adp94xx - ok
21:09:33.0665 2720  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:09:33.0686 2720  adpahci - ok
21:09:33.0694 2720  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:09:33.0711 2720  adpu320 - ok
21:09:33.0746 2720  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:09:33.0912 2720  AeLookupSvc - ok
21:09:33.0958 2720  [ 0517E1670A58213E3F206066CD209273 ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
21:09:34.0041 2720  AF15BDA - ok
21:09:34.0162 2720  [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
21:09:34.0179 2720  Afc - ok
21:09:34.0259 2720  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:09:34.0348 2720  AFD - ok
21:09:34.0406 2720  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:09:34.0429 2720  agp440 - ok
21:09:34.0461 2720  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:09:34.0494 2720  ALG - ok
21:09:34.0557 2720  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:09:34.0578 2720  aliide - ok
21:09:34.0615 2720  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:09:34.0636 2720  amdide - ok
21:09:34.0690 2720  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:09:34.0729 2720  AmdK8 - ok
21:09:34.0771 2720  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:09:34.0806 2720  AmdPPM - ok
21:09:34.0868 2720  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:09:34.0886 2720  amdsata - ok
21:09:34.0923 2720  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:09:34.0941 2720  amdsbs - ok
21:09:34.0957 2720  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:09:34.0970 2720  amdxata - ok
21:09:35.0027 2720  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:09:35.0256 2720  AppID - ok
21:09:35.0281 2720  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:09:35.0351 2720  AppIDSvc - ok
21:09:35.0386 2720  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:09:35.0444 2720  Appinfo - ok
21:09:35.0539 2720  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:35.0559 2720  Apple Mobile Device - ok
21:09:35.0596 2720  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:09:35.0634 2720  AppMgmt - ok
21:09:35.0682 2720  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:09:35.0698 2720  arc - ok
21:09:35.0708 2720  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:09:35.0723 2720  arcsas - ok
21:09:35.0756 2720  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:35.0837 2720  AsyncMac - ok
21:09:35.0871 2720  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:09:35.0884 2720  atapi - ok
21:09:35.0945 2720  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:09:36.0046 2720  AudioEndpointBuilder - ok
21:09:36.0061 2720  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:09:36.0106 2720  AudioSrv - ok
21:09:36.0164 2720  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:09:36.0216 2720  AxInstSV - ok
21:09:36.0270 2720  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:09:36.0301 2720  b06bdrv - ok
21:09:36.0350 2720  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:09:36.0395 2720  b57nd60a - ok
21:09:36.0429 2720  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:09:36.0463 2720  BDESVC - ok
21:09:36.0477 2720  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:09:36.0527 2720  Beep - ok
21:09:36.0593 2720  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:09:36.0652 2720  BFE - ok
21:09:36.0701 2720  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:09:36.0815 2720  BITS - ok
21:09:36.0843 2720  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:09:36.0876 2720  blbdrive - ok
21:09:36.0954 2720  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:09:36.0991 2720  Bonjour Service - ok
21:09:37.0037 2720  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:09:37.0061 2720  bowser - ok
21:09:37.0095 2720  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:09:37.0172 2720  BrFiltLo - ok
21:09:37.0177 2720  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:09:37.0216 2720  BrFiltUp - ok
21:09:37.0248 2720  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:09:37.0283 2720  Browser - ok
21:09:37.0303 2720  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:09:37.0330 2720  Brserid - ok
21:09:37.0343 2720  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:09:37.0369 2720  BrSerWdm - ok
21:09:37.0387 2720  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:09:37.0418 2720  BrUsbMdm - ok
21:09:37.0423 2720  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:09:37.0440 2720  BrUsbSer - ok
21:09:37.0479 2720  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:09:37.0506 2720  BTHMODEM - ok
21:09:37.0543 2720  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:09:37.0594 2720  bthserv - ok
21:09:37.0611 2720  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:09:37.0653 2720  cdfs - ok
21:09:37.0706 2720  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:09:37.0742 2720  cdrom - ok
21:09:37.0782 2720  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:09:37.0835 2720  CertPropSvc - ok
21:09:37.0869 2720  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:09:37.0906 2720  circlass - ok
21:09:37.0944 2720  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:09:37.0965 2720  CLFS - ok
21:09:38.0029 2720  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:38.0046 2720  clr_optimization_v2.0.50727_32 - ok
21:09:38.0096 2720  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:09:38.0108 2720  clr_optimization_v2.0.50727_64 - ok
21:09:38.0206 2720  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:38.0268 2720  clr_optimization_v4.0.30319_32 - ok
21:09:38.0290 2720  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:09:38.0305 2720  clr_optimization_v4.0.30319_64 - ok
21:09:38.0331 2720  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:09:38.0360 2720  CmBatt - ok
21:09:38.0386 2720  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:09:38.0402 2720  cmdide - ok
21:09:38.0442 2720  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:09:38.0487 2720  CNG - ok
21:09:38.0522 2720  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:09:38.0535 2720  Compbatt - ok
21:09:38.0566 2720  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:09:38.0595 2720  CompositeBus - ok
21:09:38.0613 2720  COMSysApp - ok
21:09:38.0632 2720  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:09:38.0647 2720  crcdisk - ok
21:09:38.0691 2720  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:09:38.0733 2720  CryptSvc - ok
21:09:38.0770 2720  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:09:38.0830 2720  CSC - ok
21:09:38.0867 2720  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:09:38.0912 2720  CscService - ok
21:09:38.0946 2720  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:09:39.0020 2720  DcomLaunch - ok
21:09:39.0102 2720  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:09:39.0164 2720  defragsvc - ok
21:09:39.0215 2720  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:09:39.0280 2720  DfsC - ok
21:09:39.0311 2720  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
21:09:39.0321 2720  DgiVecp - ok
21:09:39.0364 2720  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:09:39.0438 2720  Dhcp - ok
21:09:39.0472 2720  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:09:39.0528 2720  discache - ok
21:09:39.0560 2720  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:09:39.0574 2720  Disk - ok
21:09:39.0626 2720  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:09:39.0672 2720  Dnscache - ok
21:09:39.0708 2720  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:09:39.0750 2720  dot3svc - ok
21:09:39.0793 2720  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:09:39.0884 2720  DPS - ok
21:09:39.0935 2720  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:09:39.0961 2720  drmkaud - ok
21:09:40.0016 2720  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:09:40.0044 2720  DXGKrnl - ok
21:09:40.0119 2720  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
21:09:40.0164 2720  E1G60 - ok
21:09:40.0198 2720  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:09:40.0306 2720  EapHost - ok
21:09:40.0709 2720  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:09:40.0864 2720  ebdrv - ok
21:09:40.0905 2720  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:09:40.0986 2720  EFS - ok
21:09:41.0036 2720  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:09:41.0107 2720  ehRecvr - ok
21:09:41.0163 2720  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:09:41.0195 2720  ehSched - ok
21:09:41.0237 2720  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:09:41.0264 2720  elxstor - ok
21:09:41.0299 2720  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:09:41.0330 2720  ErrDev - ok
21:09:41.0374 2720  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:09:41.0436 2720  EventSystem - ok
21:09:41.0474 2720  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:09:41.0516 2720  exfat - ok
21:09:41.0537 2720  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:09:41.0599 2720  fastfat - ok
21:09:41.0675 2720  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:09:41.0760 2720  Fax - ok
21:09:41.0804 2720  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:09:41.0839 2720  fdc - ok
21:09:41.0876 2720  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:09:41.0937 2720  fdPHost - ok
21:09:41.0954 2720  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:09:42.0005 2720  FDResPub - ok
21:09:42.0043 2720  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:09:42.0056 2720  FileInfo - ok
21:09:42.0071 2720  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:09:42.0135 2720  Filetrace - ok
21:09:42.0154 2720  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:42.0187 2720  flpydisk - ok
21:09:42.0231 2720  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:09:42.0250 2720  FltMgr - ok
21:09:42.0290 2720  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:09:42.0361 2720  FontCache - ok
21:09:42.0404 2720  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:09:42.0414 2720  FontCache3.0.0.0 - ok
21:09:42.0438 2720  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:09:42.0452 2720  FsDepends - ok
21:09:42.0492 2720  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:09:42.0505 2720  Fs_Rec - ok
21:09:42.0552 2720  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:09:42.0573 2720  fvevol - ok
21:09:42.0589 2720  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:09:42.0619 2720  gagp30kx - ok
21:09:42.0656 2720  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:42.0665 2720  GEARAspiWDM - ok
21:09:42.0758 2720  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:09:42.0849 2720  gpsvc - ok
21:09:42.0923 2720  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:42.0943 2720  gupdate - ok
21:09:42.0952 2720  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:42.0964 2720  gupdatem - ok
21:09:42.0995 2720  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:09:43.0023 2720  hcw85cir - ok
21:09:43.0093 2720  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:09:43.0135 2720  HdAudAddService - ok
21:09:43.0187 2720  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:09:43.0223 2720  HDAudBus - ok
21:09:43.0244 2720  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:09:43.0275 2720  HidBatt - ok
21:09:43.0299 2720  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:09:43.0327 2720  HidBth - ok
21:09:43.0365 2720  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:09:43.0392 2720  HidIr - ok
21:09:43.0452 2720  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:09:43.0518 2720  hidserv - ok
21:09:43.0576 2720  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:09:43.0636 2720  HidUsb - ok
21:09:43.0675 2720  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:09:43.0734 2720  hkmsvc - ok
21:09:43.0779 2720  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:09:43.0822 2720  HomeGroupListener - ok
21:09:43.0862 2720  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:09:43.0889 2720  HomeGroupProvider - ok
21:09:43.0930 2720  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:09:43.0945 2720  HpSAMD - ok
21:09:44.0006 2720  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:09:44.0111 2720  HTTP - ok
21:09:44.0146 2720  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:09:44.0158 2720  hwpolicy - ok
21:09:44.0190 2720  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:09:44.0222 2720  i8042prt - ok
21:09:44.0343 2720  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:09:44.0381 2720  IAANTMON - ok
21:09:44.0426 2720  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:09:44.0450 2720  iaStor - ok
21:09:44.0504 2720  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:09:44.0526 2720  iaStorV - ok
21:09:44.0600 2720  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:44.0670 2720  idsvc - ok
21:09:44.0694 2720  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:09:44.0708 2720  iirsp - ok
21:09:44.0768 2720  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:09:44.0883 2720  IKEEXT - ok
21:09:44.0992 2720  [ 1A6241B70453A6629A83DB942AA6B08C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:09:45.0035 2720  IntcAzAudAddService - ok
21:09:45.0070 2720  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:09:45.0084 2720  intelide - ok
21:09:45.0143 2720  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:09:45.0182 2720  intelppm - ok
21:09:45.0296 2720  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:09:45.0399 2720  IPBusEnum - ok
21:09:45.0432 2720  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:45.0481 2720  IpFilterDriver - ok
21:09:45.0535 2720  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:09:45.0739 2720  iphlpsvc - ok
21:09:45.0771 2720  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:09:45.0794 2720  IPMIDRV - ok
21:09:45.0833 2720  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:09:45.0887 2720  IPNAT - ok
21:09:45.0956 2720  [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:09:46.0004 2720  iPod Service - ok
21:09:46.0031 2720  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:09:46.0056 2720  IRENUM - ok
21:09:46.0094 2720  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:09:46.0107 2720  isapnp - ok
21:09:46.0148 2720  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:09:46.0167 2720  iScsiPrt - ok
21:09:46.0223 2720  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:46.0236 2720  kbdclass - ok
21:09:46.0288 2720  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:46.0346 2720  kbdhid - ok
21:09:46.0363 2720  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:09:46.0377 2720  KeyIso - ok
21:09:46.0417 2720  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:09:46.0432 2720  KSecDD - ok
21:09:46.0478 2720  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:09:46.0501 2720  KSecPkg - ok
21:09:46.0537 2720  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:09:46.0593 2720  ksthunk - ok
21:09:46.0644 2720  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:09:46.0718 2720  KtmRm - ok
21:09:46.0757 2720  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
21:09:46.0787 2720  L1E - ok
21:09:46.0830 2720  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:09:46.0884 2720  LanmanServer - ok
21:09:46.0921 2720  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:09:46.0964 2720  LanmanWorkstation - ok
21:09:46.0998 2720  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:09:47.0052 2720  lltdio - ok
21:09:47.0093 2720  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:09:47.0155 2720  lltdsvc - ok
21:09:47.0592 2720  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:09:47.0875 2720  lmhosts - ok
21:09:47.0903 2720  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:09:47.0919 2720  LSI_FC - ok
21:09:47.0947 2720  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:09:47.0962 2720  LSI_SAS - ok
21:09:47.0976 2720  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:09:47.0991 2720  LSI_SAS2 - ok
21:09:47.0999 2720  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:09:48.0014 2720  LSI_SCSI - ok
21:09:48.0036 2720  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:09:48.0109 2720  luafv - ok
21:09:48.0186 2720  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:09:48.0197 2720  MBAMProtector - ok
21:09:48.0303 2720  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe
21:09:48.0327 2720  MBAMScheduler - ok
21:09:48.0378 2720  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Anti-Malware\mbamservice.exe
21:09:48.0407 2720  MBAMService - ok
21:09:48.0463 2720  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:09:48.0494 2720  Mcx2Svc - ok
21:09:48.0526 2720  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:09:48.0539 2720  megasas - ok
21:09:48.0556 2720  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:09:48.0575 2720  MegaSR - ok
21:09:48.0611 2720  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:09:48.0652 2720  MMCSS - ok
21:09:49.0263 2720  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:09:49.0344 2720  Modem - ok
21:09:49.0370 2720  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:09:49.0402 2720  monitor - ok
21:09:49.0446 2720  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:09:49.0459 2720  mouclass - ok
21:09:49.0465 2720  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:09:49.0493 2720  mouhid - ok
21:09:49.0542 2720  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:09:49.0565 2720  mountmgr - ok
21:09:49.0603 2720  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:09:49.0629 2720  mpio - ok
21:09:49.0662 2720  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:09:49.0755 2720  mpsdrv - ok
21:09:49.0922 2720  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:09:50.0021 2720  MpsSvc - ok
21:09:50.0043 2720  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:09:50.0065 2720  MRxDAV - ok
21:09:50.0102 2720  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:50.0135 2720  mrxsmb - ok
21:09:50.0155 2720  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:50.0205 2720  mrxsmb10 - ok
21:09:50.0234 2720  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:50.0281 2720  mrxsmb20 - ok
21:09:50.0313 2720  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:09:50.0325 2720  msahci - ok
21:09:50.0365 2720  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:09:50.0382 2720  msdsm - ok
21:09:50.0404 2720  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:09:50.0450 2720  MSDTC - ok
21:09:50.0489 2720  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:09:50.0528 2720  Msfs - ok
21:09:50.0567 2720  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:09:50.0628 2720  mshidkmdf - ok
21:09:50.0661 2720  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:09:50.0673 2720  msisadrv - ok
21:09:50.0700 2720  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:09:50.0757 2720  MSiSCSI - ok
21:09:50.0762 2720  msiserver - ok
21:09:50.0804 2720  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:09:50.0861 2720  MSKSSRV - ok
21:09:50.0867 2720  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:50.0913 2720  MSPCLOCK - ok
21:09:50.0919 2720  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:09:50.0964 2720  MSPQM - ok
21:09:51.0023 2720  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:09:51.0056 2720  MsRPC - ok
21:09:51.0097 2720  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:09:51.0112 2720  mssmbios - ok
21:09:51.0140 2720  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:09:51.0193 2720  MSTEE - ok
21:09:51.0199 2720  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:09:51.0223 2720  MTConfig - ok
21:09:51.0246 2720  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:09:51.0259 2720  Mup - ok
21:09:51.0448 2720  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:09:51.0530 2720  napagent - ok
21:09:51.0557 2720  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:09:51.0600 2720  NativeWifiP - ok
21:09:51.0674 2720  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:09:51.0733 2720  NDIS - ok
21:09:51.0772 2720  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:09:51.0823 2720  NdisCap - ok
21:09:51.0851 2720  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:51.0899 2720  NdisTapi - ok
21:09:51.0952 2720  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:52.0003 2720  Ndisuio - ok
21:09:52.0034 2720  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:52.0076 2720  NdisWan - ok
21:09:52.0111 2720  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:09:52.0150 2720  NDProxy - ok
21:09:52.0166 2720  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:09:52.0219 2720  NetBIOS - ok
21:09:52.0255 2720  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:09:52.0342 2720  NetBT - ok
21:09:52.0367 2720  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:09:52.0381 2720  Netlogon - ok
21:09:52.0425 2720  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:09:52.0485 2720  Netman - ok
21:09:52.0497 2720  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:09:52.0566 2720  netprofm - ok
21:09:52.0596 2720  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:52.0608 2720  NetTcpPortSharing - ok
21:09:52.0777 2720  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
21:09:52.0956 2720  netw5v64 - ok
21:09:53.0053 2720  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:09:53.0074 2720  nfrd960 - ok
21:09:53.0140 2720  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:09:53.0191 2720  NlaSvc - ok
21:09:53.0213 2720  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:09:53.0254 2720  Npfs - ok
21:09:53.0282 2720  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:09:53.0335 2720  nsi - ok
21:09:53.0380 2720  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:09:53.0495 2720  nsiproxy - ok
21:09:53.0574 2720  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:09:53.0674 2720  Ntfs - ok
21:09:53.0700 2720  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:09:53.0757 2720  Null - ok
21:09:53.0820 2720  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:09:53.0833 2720  NVHDA - ok
21:09:54.0148 2720  [ 24F526274353FF7BB93D99D238E582DA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:54.0353 2720  nvlddmkm - ok
21:09:54.0401 2720  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:09:54.0419 2720  nvraid - ok
21:09:54.0448 2720  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:09:54.0464 2720  nvstor - ok
21:09:54.0519 2720  [ AAD3B6F3E5B9FE1D29BF627904F6120F ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:09:54.0559 2720  nvsvc - ok
21:09:54.0602 2720  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:09:54.0617 2720  nv_agp - ok
21:09:54.0669 2720  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:09:54.0698 2720  ohci1394 - ok
21:09:54.0731 2720  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:09:54.0769 2720  p2pimsvc - ok
21:09:54.0818 2720  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:09:54.0860 2720  p2psvc - ok
21:09:54.0904 2720  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:09:54.0943 2720  Parport - ok
21:09:54.0984 2720  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:09:54.0997 2720  partmgr - ok
21:09:55.0011 2720  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:09:55.0044 2720  PcaSvc - ok
21:09:55.0071 2720  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:09:55.0087 2720  pci - ok
21:09:55.0165 2720  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:09:55.0187 2720  pciide - ok
21:09:55.0230 2720  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:09:55.0248 2720  pcmcia - ok
21:09:55.0267 2720  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:09:55.0280 2720  pcw - ok
21:09:55.0310 2720  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:09:55.0398 2720  PEAUTH - ok
21:09:55.0650 2720  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:09:55.0758 2720  PeerDistSvc - ok
21:09:55.0899 2720  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:09:55.0955 2720  PerfHost - ok
21:09:56.0030 2720  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:09:56.0167 2720  pla - ok
21:09:56.0244 2720  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:09:56.0278 2720  PlugPlay - ok
21:09:56.0302 2720  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:09:56.0328 2720  PNRPAutoReg - ok
21:09:56.0354 2720  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:09:56.0372 2720  PNRPsvc - ok
21:09:56.0583 2720  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:09:56.0679 2720  PolicyAgent - ok
21:09:56.0743 2720  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:09:56.0811 2720  Power - ok
21:09:56.0862 2720  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:09:56.0934 2720  PptpMiniport - ok
21:09:56.0981 2720  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:09:56.0996 2720  Processor - ok
21:09:57.0043 2720  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:09:57.0062 2720  ProfSvc - ok
21:09:57.0082 2720  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:09:57.0096 2720  ProtectedStorage - ok
21:09:57.0138 2720  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:09:57.0191 2720  Psched - ok
21:09:57.0272 2720  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:09:57.0359 2720  ql2300 - ok
21:09:57.0467 2720  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:09:57.0492 2720  ql40xx - ok
21:09:57.0552 2720  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:09:57.0586 2720  QWAVE - ok
21:09:57.0615 2720  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:09:57.0649 2720  QWAVEdrv - ok
21:09:57.0713 2720  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:09:57.0774 2720  RasAcd - ok
21:09:57.0810 2720  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:57.0865 2720  RasAgileVpn - ok
21:09:57.0904 2720  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:09:57.0953 2720  RasAuto - ok
21:09:57.0986 2720  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:58.0038 2720  Rasl2tp - ok
21:09:58.0074 2720  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:09:58.0132 2720  RasMan - ok
21:09:58.0309 2720  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:58.0366 2720  RasPppoe - ok
21:09:58.0382 2720  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:09:58.0438 2720  RasSstp - ok
21:09:58.0478 2720  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:09:58.0543 2720  rdbss - ok
21:09:58.0596 2720  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:09:58.0641 2720  rdpbus - ok
21:09:58.0662 2720  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:58.0735 2720  RDPCDD - ok
21:09:58.0779 2720  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:09:58.0796 2720  RDPDR - ok
21:09:58.0814 2720  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:09:58.0870 2720  RDPENCDD - ok
21:09:58.0892 2720  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:09:58.0970 2720  RDPREFMP - ok
21:09:59.0035 2720  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:09:59.0069 2720  RdpVideoMiniport - ok
21:09:59.0108 2720  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:09:59.0136 2720  RDPWD - ok
21:09:59.0182 2720  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:09:59.0199 2720  rdyboost - ok
21:09:59.0223 2720  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:09:59.0280 2720  RemoteAccess - ok
21:09:59.0332 2720  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:09:59.0390 2720  RemoteRegistry - ok
21:09:59.0427 2720  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:09:59.0482 2720  RpcEptMapper - ok
21:09:59.0525 2720  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:09:59.0566 2720  RpcLocator - ok
21:09:59.0604 2720  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:09:59.0648 2720  RpcSs - ok
21:09:59.0734 2720  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:09:59.0832 2720  rspndr - ok
21:09:59.0855 2720  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:09:59.0875 2720  s3cap - ok
21:09:59.0895 2720  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:09:59.0908 2720  SamSs - ok
21:09:59.0935 2720  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:09:59.0951 2720  sbp2port - ok
21:09:59.0980 2720  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:10:00.0057 2720  SCardSvr - ok
21:10:00.0090 2720  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:10:00.0143 2720  scfilter - ok
21:10:00.0220 2720  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:10:00.0316 2720  Schedule - ok
21:10:00.0586 2720  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:10:00.0640 2720  SCPolicySvc - ok
21:10:00.0723 2720  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:10:00.0828 2720  SDRSVC - ok
21:10:00.0880 2720  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:10:00.0942 2720  secdrv - ok
21:10:00.0973 2720  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:10:01.0014 2720  seclogon - ok
21:10:01.0047 2720  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:10:01.0156 2720  SENS - ok
21:10:01.0246 2720  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:10:01.0317 2720  SensrSvc - ok
21:10:01.0368 2720  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:10:01.0385 2720  Serenum - ok
21:10:01.0405 2720  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:10:01.0442 2720  Serial - ok
21:10:01.0473 2720  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:10:01.0505 2720  sermouse - ok
21:10:01.0697 2720  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:10:01.0792 2720  SessionEnv - ok
21:10:01.0820 2720  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:10:01.0848 2720  sffdisk - ok
21:10:01.0858 2720  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:10:01.0875 2720  sffp_mmc - ok
21:10:01.0880 2720  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:10:01.0898 2720  sffp_sd - ok
21:10:01.0928 2720  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:10:01.0958 2720  sfloppy - ok
21:10:01.0992 2720  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:10:02.0037 2720  SharedAccess - ok
21:10:02.0097 2720  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:10:02.0172 2720  ShellHWDetection - ok
21:10:02.0195 2720  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:10:02.0209 2720  SiSRaid2 - ok
21:10:02.0228 2720  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:10:02.0243 2720  SiSRaid4 - ok
21:10:02.0297 2720  [ C205EE85FB05593FDF29F1B6C1553A04 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:10:02.0311 2720  SkypeUpdate - ok
21:10:02.0360 2720  [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
21:10:02.0369 2720  SmartDefragDriver - ok
21:10:02.0405 2720  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:10:02.0458 2720  Smb - ok
21:10:02.0508 2720  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:10:02.0542 2720  SNMPTRAP - ok
21:10:02.0574 2720  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:10:02.0587 2720  spldr - ok
21:10:02.0697 2720  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:10:02.0765 2720  Spooler - ok
21:10:02.0881 2720  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:10:03.0039 2720  sppsvc - ok
21:10:03.0179 2720  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:10:03.0279 2720  sppuinotify - ok
21:10:03.0392 2720  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:10:03.0504 2720  srv - ok
21:10:03.0532 2720  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:10:03.0575 2720  srv2 - ok
21:10:03.0610 2720  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:10:03.0642 2720  SrvHsfHDA - ok
21:10:03.0693 2720  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:10:03.0788 2720  SrvHsfV92 - ok
21:10:03.0823 2720  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:10:03.0877 2720  SrvHsfWinac - ok
21:10:03.0903 2720  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:10:03.0929 2720  srvnet - ok
21:10:03.0971 2720  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:10:04.0032 2720  SSDPSRV - ok
21:10:04.0087 2720  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
21:10:04.0098 2720  SSPORT - ok
21:10:04.0174 2720  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:10:04.0229 2720  SstpSvc - ok
21:10:04.0259 2720  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:10:04.0273 2720  stexstor - ok
21:10:04.0327 2720  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:10:04.0380 2720  stisvc - ok
21:10:04.0754 2720  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:10:04.0778 2720  storflt - ok
21:10:04.0854 2720  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:10:04.0876 2720  storvsc - ok
21:10:04.0908 2720  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:10:04.0920 2720  swenum - ok
21:10:04.0962 2720  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:10:05.0061 2720  swprv - ok
21:10:05.0097 2720  Synth3dVsc - ok
21:10:05.0176 2720  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:10:05.0274 2720  SysMain - ok
21:10:05.0306 2720  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:10:05.0348 2720  TabletInputService - ok
21:10:05.0391 2720  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:10:05.0465 2720  TapiSrv - ok
21:10:05.0491 2720  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:10:05.0542 2720  TBS - ok
21:10:05.0631 2720  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:10:05.0723 2720  Tcpip - ok
21:10:05.0784 2720  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:10:05.0827 2720  TCPIP6 - ok
21:10:05.0886 2720  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:10:05.0908 2720  tcpipreg - ok
21:10:06.0004 2720  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:10:06.0026 2720  TDPIPE - ok
21:10:06.0094 2720  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:10:06.0123 2720  TDTCP - ok
21:10:06.0167 2720  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:10:06.0228 2720  tdx - ok
21:10:06.0274 2720  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:10:06.0287 2720  TermDD - ok
21:10:06.0512 2720  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:10:06.0634 2720  TermService - ok
21:10:06.0876 2720  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes          C:\Windows\system32\themeservice.dll
21:10:06.0884 2720  Themes ( UnsignedFile.Multi.Generic ) - warning
21:10:06.0885 2720  Themes - detected UnsignedFile.Multi.Generic (1)
21:10:06.0912 2720  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:10:06.0954 2720  THREADORDER - ok
21:10:06.0977 2720  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:10:07.0034 2720  TrkWks - ok
21:10:07.0148 2720  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:10:07.0248 2720  TrustedInstaller - ok
21:10:07.0290 2720  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:07.0340 2720  tssecsrv - ok
21:10:07.0374 2720  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:10:07.0399 2720  TsUsbFlt - ok
21:10:07.0404 2720  tsusbhub - ok
21:10:07.0472 2720  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:10:07.0516 2720  tunnel - ok
21:10:07.0546 2720  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:10:07.0561 2720  uagp35 - ok
21:10:07.0606 2720  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:10:07.0658 2720  udfs - ok
21:10:07.0696 2720  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:10:07.0730 2720  UI0Detect - ok
21:10:07.0786 2720  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:10:07.0801 2720  uliagpkx - ok
21:10:07.0830 2720  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:10:07.0854 2720  umbus - ok
21:10:07.0886 2720  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:10:07.0941 2720  UmPass - ok
21:10:07.0966 2720  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
21:10:08.0001 2720  UmRdpService - ok
21:10:08.0043 2720  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:10:08.0119 2720  upnphost - ok
21:10:08.0175 2720  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:10:08.0199 2720  USBAAPL64 - ok
21:10:08.0235 2720  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:08.0251 2720  usbccgp - ok
21:10:08.0299 2720  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:10:08.0333 2720  usbcir - ok
21:10:08.0390 2720  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:10:08.0431 2720  usbehci - ok
21:10:08.0460 2720  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:10:08.0479 2720  usbhub - ok
21:10:08.0512 2720  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:10:08.0544 2720  usbohci - ok
21:10:08.0610 2720  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:10:08.0639 2720  usbprint - ok
21:10:08.0679 2720  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:08.0709 2720  USBSTOR - ok
21:10:08.0781 2720  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:10:08.0808 2720  usbuhci - ok
21:10:08.0864 2720  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:10:08.0913 2720  usbvideo - ok
21:10:08.0965 2720  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:10:09.0024 2720  UxSms - ok
21:10:09.0045 2720  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:10:09.0059 2720  VaultSvc - ok
21:10:09.0112 2720  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:10:09.0126 2720  vdrvroot - ok
21:10:09.0630 2720  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:10:09.0734 2720  vds - ok
21:10:09.0793 2720  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:09.0826 2720  vga - ok
21:10:09.0847 2720  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:10:09.0906 2720  VgaSave - ok
21:10:09.0927 2720  VGPU - ok
21:10:09.0981 2720  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:10:09.0998 2720  vhdmp - ok
21:10:10.0021 2720  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:10:10.0034 2720  viaide - ok
21:10:10.0091 2720  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:10:10.0108 2720  vmbus - ok
21:10:10.0125 2720  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:10:10.0150 2720  VMBusHID - ok
21:10:10.0175 2720  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:10:10.0189 2720  volmgr - ok
21:10:10.0305 2720  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:10:10.0331 2720  volmgrx - ok
21:10:10.0368 2720  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:10:10.0387 2720  volsnap - ok
21:10:10.0425 2720  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:10:10.0443 2720  vsmraid - ok
21:10:10.0518 2720  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:10:10.0657 2720  VSS - ok
21:10:10.0685 2720  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:10:10.0716 2720  vwifibus - ok
21:10:10.0755 2720  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:10:10.0803 2720  W32Time - ok
21:10:10.0869 2720  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:10:10.0891 2720  WacomPen - ok
21:10:10.0940 2720  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:10:10.0980 2720  WANARP - ok
21:10:10.0986 2720  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:10:11.0027 2720  Wanarpv6 - ok
21:10:11.0125 2720  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:10:11.0206 2720  wbengine - ok
21:10:11.0237 2720  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:10:11.0261 2720  WbioSrvc - ok
21:10:11.0296 2720  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:10:11.0324 2720  wcncsvc - ok
21:10:11.0354 2720  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:10:11.0380 2720  WcsPlugInService - ok
21:10:11.0410 2720  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:10:11.0423 2720  Wd - ok
21:10:11.0488 2720  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:10:11.0558 2720  Wdf01000 - ok
21:10:11.0575 2720  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:10:11.0670 2720  WdiServiceHost - ok
21:10:11.0674 2720  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:10:11.0696 2720  WdiSystemHost - ok
21:10:11.0741 2720  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:10:11.0782 2720  WebClient - ok
21:10:11.0826 2720  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:10:11.0918 2720  Wecsvc - ok
21:10:11.0935 2720  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:10:11.0979 2720  wercplsupport - ok
21:10:11.0990 2720  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:10:12.0034 2720  WerSvc - ok
21:10:12.0055 2720  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:10:12.0096 2720  WfpLwf - ok
21:10:12.0114 2720  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:10:12.0129 2720  WIMMount - ok
21:10:12.0164 2720  [ 54D68B92DC59FBBA95919C804A7C3E07 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
21:10:12.0190 2720  winbondcir - ok
21:10:12.0207 2720  WinDefend - ok
21:10:12.0214 2720  WinHttpAutoProxySvc - ok
21:10:12.0284 2720  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:10:12.0398 2720  Winmgmt - ok
21:10:12.0862 2720  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:10:12.0992 2720  WinRM - ok
21:10:13.0076 2720  [ FE88B288356E7B47B74B13372ADD906D ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
21:10:13.0112 2720  winusb - ok
21:10:13.0162 2720  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:10:13.0228 2720  Wlansvc - ok
21:10:13.0273 2720  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:10:13.0287 2720  WmiAcpi - ok
21:10:13.0322 2720  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:10:13.0353 2720  wmiApSrv - ok
21:10:13.0414 2720  WMPNetworkSvc - ok
21:10:13.0576 2720  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:10:13.0597 2720  WPCSvc - ok
21:10:13.0647 2720  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:10:13.0675 2720  WPDBusEnum - ok
21:10:13.0707 2720  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:10:13.0759 2720  ws2ifsl - ok
21:10:13.0787 2720  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:10:13.0826 2720  wscsvc - ok
21:10:13.0915 2720  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:10:14.0026 2720  wuauserv - ok
21:10:14.0169 2720  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:10:14.0200 2720  WudfPf - ok
21:10:14.0256 2720  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:14.0307 2720  WUDFRd - ok
21:10:14.0338 2720  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:10:14.0357 2720  wudfsvc - ok
21:10:14.0419 2720  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:10:14.0480 2720  WwanSvc - ok
21:10:14.0499 2720  ================ Scan global ===============================
21:10:14.0519 2720  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:14.0548 2720  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:14.0569 2720  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:14.0592 2720  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:14.0632 2720  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:10:14.0638 2720  [Global] - ok
21:10:14.0638 2720  ================ Scan MBR ==================================
21:10:14.0669 2720  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:16.0339 2720  \Device\Harddisk0\DR0 - ok
21:10:16.0339 2720  ================ Scan VBR ==================================
21:10:16.0429 2720  [ 02427ECBE8A356FC262CF4FF523E21C2 ] \Device\Harddisk0\DR0\Partition1
21:10:16.0432 2720  \Device\Harddisk0\DR0\Partition1 - ok
21:10:16.0934 2720  [ 9AC544CD5D43A5721988D52A067D7CC9 ] \Device\Harddisk0\DR0\Partition2
21:10:16.0936 2720  \Device\Harddisk0\DR0\Partition2 - ok
21:10:16.0937 2720  ============================================================
21:10:16.0937 2720  Scan finished
21:10:16.0937 2720  ============================================================
21:10:16.0954 2568  Detected object count: 1
21:10:16.0954 2568  Actual detected object count: 1
21:11:08.0171 2568  Themes ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:08.0171 2568  Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

HAL6996 ( ° )

Alt 22.03.2013, 10:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.03.2013, 11:01   #13
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



Hallo cosinus!

Hier der ComboFix Log

Code:
ATTFilter
ComboFix 13-03-21.02 - HAL9000 22.03.2013  11:43:53.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4061.2798 [GMT 1:00]
ausgeführt von:: d:\download\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1363603086.bdinstall.bin
c:\users\Daniel\AppData\Roaming\system32
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-22 bis 2013-03-22  ))))))))))))))))))))))))))))))
.
.
2013-03-22 10:48 . 2013-03-22 10:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-22 10:47 . 2013-03-22 10:47	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\offreg.dll
2013-03-22 10:12 . 2013-03-22 10:12	--------	d-----w-	c:\program files (x86)\Realtek
2013-03-22 10:00 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\mpengine.dll
2013-03-19 23:48 . 2013-03-19 23:49	--------	d-----w-	c:\program files (x86)\Secure Banking
2013-03-19 21:23 . 2013-02-18 11:18	460888	----a-w-	c:\windows\system32\drivers\40872330.sys
2013-03-19 09:42 . 2013-03-19 09:42	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-03-19 08:54 . 2013-03-19 08:54	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-03-19 08:53 . 2013-03-19 08:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-19 08:53 . 2013-03-20 10:55	--------	d-----w-	c:\program files (x86)\Anti-Malware
2013-03-19 08:53 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 08:49 . 2013-03-19 08:49	--------	d-----w-	c:\users\Daniel\AppData\Local\Programs
2013-03-18 10:39 . 2013-03-18 10:39	--------	d-----w-	c:\program files\Bitdefender
2013-03-18 10:37 . 2013-03-18 10:38	--------	d-----w-	c:\program files\Common Files\Bitdefender
2013-03-18 10:31 . 2013-03-18 10:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-03-18 10:31 . 2013-03-18 10:31	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-18 10:31 . 2013-03-18 10:31	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-18 09:36 . 2013-03-18 10:43	--------	d-----w-	c:\users\Daniel\AppData\Roaming\QuickScan
2013-03-18 09:34 . 2013-03-18 09:34	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-03-17 14:15 . 2013-03-17 17:19	--------	d-----w-	c:\users\Daniel\AppData\Local\http___www.julien-manici
2013-03-17 10:05 . 2013-03-22 00:21	--------	d-----w-	c:\users\Daniel\AppData\Local\Spotify
2013-03-17 10:04 . 2013-03-22 00:26	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Spotify
2013-03-12 22:21 . 2013-03-12 22:21	--------	d-----w-	c:\windows\ehome
2013-03-12 22:21 . 2013-03-12 22:21	--------	d-----w-	c:\users\Default\AppData\Roaming\Media Center Programs
2013-03-12 21:57 . 2013-03-12 21:57	--------	d-----w-	c:\users\Daniel\AppData\Roaming\ArcSoft
2013-03-12 21:57 . 2006-09-18 07:50	22784	----a-w-	c:\windows\SysWow64\drivers\afc.sys
2013-03-12 21:49 . 2013-03-12 21:49	28672	----a-w-	c:\windows\system32\AF15BDAEX.dll
2013-03-12 21:49 . 2013-03-12 21:49	126	----a-w-	c:\windows\system32\AF15IRTBL.bin
2013-03-12 21:49 . 2013-03-12 21:49	507392	----a-w-	c:\windows\system32\drivers\AF15BDA.sys
2013-03-11 10:43 . 2013-03-11 10:43	--------	d-----w-	c:\programdata\Local Settings
2013-03-10 15:33 . 2012-05-08 17:34	32600	----a-w-	c:\windows\system32\SmartDefragBootTime.exe
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\programdata\IObit
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\users\Daniel\AppData\Roaming\IObit
2013-03-10 15:33 . 2010-11-26 17:02	17720	----a-w-	c:\windows\system32\drivers\SmartDefragDriver.sys
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\program files (x86)\IObit
2013-03-09 14:07 . 2013-03-09 14:07	--------	d-----w-	c:\users\Daniel\AppData\Roaming\OpenOffice.org
2013-03-09 14:05 . 2013-03-09 14:05	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2013-03-09 12:31 . 2013-03-09 12:31	--------	d-----w-	c:\users\Daniel\AppData\Roaming\dvdcss
2013-03-09 11:43 . 2013-03-12 23:04	--------	d-----w-	c:\users\Daniel\AppData\Roaming\vlc
2013-03-09 11:39 . 2013-03-09 11:39	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-03-09 11:24 . 2013-03-09 11:24	--------	d-----w-	c:\users\Daniel\AppData\Roaming\DL
2013-03-09 11:23 . 2013-03-09 11:30	--------	d-----w-	c:\users\Daniel\.Zettelkasten
2013-03-09 10:32 . 2013-03-09 10:32	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-03-08 19:46 . 2013-03-08 19:46	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-03-08 17:00 . 2013-03-08 17:00	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Thunderbird
2013-03-08 17:00 . 2013-03-08 17:00	--------	d-----w-	c:\users\Daniel\AppData\Local\Thunderbird
2013-03-08 16:49 . 2013-03-21 21:56	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----r-	c:\program files (x86)\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----w-	c:\programdata\Skype
2013-03-08 10:38 . 2013-03-08 10:54	--------	d-----w-	c:\users\Daniel\AppData\Roaming\WindSolutions
2013-03-08 10:38 . 2013-03-08 10:41	--------	d-----w-	c:\programdata\WindSolutions
2013-03-08 02:07 . 2013-03-08 02:07	--------	d-----w-	c:\program files\CCleaner
2013-03-08 01:47 . 2013-01-13 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-03-08 01:46 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-03-08 01:46 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-03-08 01:46 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-03-08 01:46 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-03-08 01:46 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-03-08 01:46 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-03-08 01:46 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-03-08 01:46 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-03-08 01:46 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-03-08 00:30 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-03-08 00:30 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-03-08 00:30 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-03-08 00:30 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-03-08 00:27 . 2010-11-20 13:27	2851840	----a-w-	c:\windows\system32\themeui.dll.backup
2013-03-08 00:27 . 2009-07-14 01:41	44544	----a-w-	c:\windows\system32\themeservice.dll.backup
2013-03-08 00:27 . 2009-07-14 01:41	332288	----a-w-	c:\windows\system32\uxtheme.dll.backup
2013-03-08 00:25 . 2013-03-08 00:25	--------	d-----w-	c:\program files (x86)\7-Zip
2013-03-08 00:24 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24 . 2013-03-08 00:42	--------	d-----w-	c:\windows\system32\appmgmt
2013-03-08 00:15 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-03-08 00:15 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-03-08 00:15 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-03-08 00:15 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-03-08 00:15 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-03-08 00:15 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-03-08 00:15 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-03-08 00:15 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-03-08 00:15 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-03-08 00:15 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-03-08 00:15 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-03-08 00:08 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-03-08 00:08 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-03-08 00:03 . 2013-03-08 00:03	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-07 23:29 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-07 23:29 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-07 23:29 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-07 23:29 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-07 23:29 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-03-07 23:29 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-03-07 23:27 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-03-07 23:27 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-03-07 23:27 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-03-07 23:27 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-03-07 23:27 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-03-07 23:27 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 10:31 . 2012-01-31 06:11	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-08 00:27 . 2012-01-24 16:37	2851840	----a-w-	c:\windows\system32\themeui.dll
2013-03-08 00:27 . 2009-07-13 23:54	44544	----a-w-	c:\windows\system32\themeservice.dll
2013-03-08 00:27 . 2009-07-13 23:55	332288	----a-w-	c:\windows\system32\uxtheme.dll
2013-03-08 00:03 . 2012-01-03 12:49	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 13:53 . 2009-10-14 05:12	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2013-02-18 08:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	72552	----a-w-	c:\windows\system32\nvapo64v.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-20 08:31	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-20 08:31	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-20 08:31	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-20 08:31	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-20 08:31	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-20 08:31	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2009-10-14 05:13	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-08 00:07	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"64428"="c:\progra~3\dxoidaj.exe" [2010-11-20 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"1781466620"= 504b0304c1c4d969fc052f6a1204000000300000bdb4b115d2af6be88d0dc594ffffd90db7914a288095f40bbdda47aadabf662c9fb3ba34f4f2df6c8cf1f53cf3a1be08728e78783fb49269354839f8861f6a053dd0a09bfa896646414abb20a4f91ec9a2502fbe27793e723d518f9d356536e640d14262950c781337718d356909c886b71513367f09eccd113321d9265616540806e871d36d0e92dc4356d3348ad64910bac1fcd25b5358502d6809e0b979b4a1d0ebdb1e165f99740c16a5c83a9d17f5668ad2cb3dabfa36916af7cd5b8c045b63acf1516c9140be766d0e7796d132de104d86266f38c85b7fc8ed7cf62461722cec1f77bfe90de1939ed304231e541181008cc16625a639fec26346c3bea270573e77f08adc907c5881e2e8e0db9a2db0ce72b0de6ba1605a2c427ceebf13673b12e14eed8b42da2a2ac59b6150c53655cd2f0c0bbb7d72edf110bfe36995941f27cdee3381c6cbfea5f4175d68e135bfac0866055239313362db5db3914fcd0f2d417c1c00224bfeb90f71c742fb29221a96338ddb41aaee98b887dc4af7b6c32ce2257a29ee876550f605778c201d92c9b129c55cae25a61c5422285712ca007c7380325536631e5eab3f68c6c48029eec65003315a36517d38d5da65d76e38ac61860f0e19be51b7ef684be92512759c1f6a183aae945ea4e2c4a8b8562a27388edbd169c8770bd6e0c4033635a311554aa846c14454895413a104296e2fb46e2dbe00d97b6b830f754471efe6772c6e87f0e9316bc620147a7cf098206bd614b9ce01b6d149b7c27f1c82520ae0248a8e687f2d11ff37ed97486b89a4f895154a6c3b37404bc285b0d658203b2751b10768a7b33641cd8a6a787149f87f59a889a65e0dd943816479452597d21c739a2be6575a91bc0b343a208572272b892842d78a5585d7805dd6f8f450c843f80b1884d29a9a3a7cbd377edcf3d3f25af4134d6c56f6e810dd15d451fd3a8d3b6b92c263bcea9f74d4e8dbb97fccb7ef2f4e02330cbae645c9584ce10d3bd6bd6e46c8cd2ccf5ecd692a6f44dab739b06411b8ad0e93e9374f61ec0305239a81a5fbc46b7fd0b9630ea0e39e54561dfe098263a86d85c2283862c62749b3d69ce2ac15628ccbc5b2b81de5bd7360216190729cbabbe717db6ce41cb7f69f48491a6963810b6c3b8917c1f8bc021ed32ec1b86c04369ec50eb4476e1c247021af0659390a809e1a1b0b50e980f0447a217b0c166461e504fb2425d9bbcfb4a667ce00d5cc2356754dd97cc21e2258a9379211026cca4c354476868e3437643d1160363e3990151322d4d0640683ddda0bcce80bcb65b19a9d1f054f5a5ee70a979a4a897c3af504913ba3ed1d5b9a94a2910850b35ff65724ccd0168cc422d72224f48d94a3c31079a9bb6f60313bd41eb79da58359274d6334dd0dc8d23e1f87159bc2902c6a3858e550c68bb89df234dcff2710541036cb3c0c67c60007449b
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
S0 40872330;40872330;c:\windows\system32\DRIVERS\40872330.sys [2013-02-18 460888]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 09:14	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 83.169.184.33 192.168.0.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info
FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,7c,a4,b3,a5,bf,57,d6,cc,00,39,64,ec,f4,cc,9d,1c,a4,47,91,a9,
   63,86,07,8d,36,9d,ec,18,ee,2c,73,4e,3f,d8,42,24,0c,11,6e,4e,61,da,f5,82,83,\
"rkeysecu"=hex:21,1b,fa,2b,9c,f0,f2,1d,72,a5,69,33,06,a7,6d,4a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-22  11:50:44
ComboFix-quarantined-files.txt  2013-03-22 10:50
.
Vor Suchlauf: 11 Verzeichnis(se), 105.045.975.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 104.972.849.152 Bytes frei
.
- - End Of File - - 0981165310ED33DD0894F766BF7AEDB9
         

Nachtrag ComboFix vom Desktop aus:

Log

Code:
ATTFilter
ComboFix 13-03-21.02 - HAL9000 22.03.2013  12:06:50.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4061.2597 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-22 bis 2013-03-22  ))))))))))))))))))))))))))))))
.
.
2013-03-22 11:10 . 2013-03-22 11:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-22 10:47 . 2013-03-22 10:47	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\offreg.dll
2013-03-22 10:12 . 2013-03-22 10:12	--------	d-----w-	c:\program files (x86)\Realtek
2013-03-22 10:00 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\mpengine.dll
2013-03-19 23:48 . 2013-03-19 23:49	--------	d-----w-	c:\program files (x86)\Secure Banking
2013-03-19 21:23 . 2013-02-18 11:18	460888	----a-w-	c:\windows\system32\drivers\40872330.sys
2013-03-19 09:42 . 2013-03-19 09:42	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-03-19 08:54 . 2013-03-19 08:54	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-03-19 08:53 . 2013-03-19 08:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-19 08:53 . 2013-03-20 10:55	--------	d-----w-	c:\program files (x86)\Anti-Malware
2013-03-19 08:53 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 08:49 . 2013-03-19 08:49	--------	d-----w-	c:\users\Daniel\AppData\Local\Programs
2013-03-18 10:39 . 2013-03-18 10:39	--------	d-----w-	c:\program files\Bitdefender
2013-03-18 10:37 . 2013-03-18 10:38	--------	d-----w-	c:\program files\Common Files\Bitdefender
2013-03-18 10:31 . 2013-03-18 10:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-03-18 10:31 . 2013-03-18 10:31	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-18 10:31 . 2013-03-18 10:31	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-18 09:36 . 2013-03-18 10:43	--------	d-----w-	c:\users\Daniel\AppData\Roaming\QuickScan
2013-03-18 09:34 . 2013-03-18 09:34	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-03-17 14:15 . 2013-03-17 17:19	--------	d-----w-	c:\users\Daniel\AppData\Local\http___www.julien-manici
2013-03-17 10:05 . 2013-03-22 00:21	--------	d-----w-	c:\users\Daniel\AppData\Local\Spotify
2013-03-17 10:04 . 2013-03-22 00:26	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Spotify
2013-03-12 22:21 . 2013-03-12 22:21	--------	d-----w-	c:\windows\ehome
2013-03-12 22:21 . 2013-03-12 22:21	--------	d-----w-	c:\users\Default\AppData\Roaming\Media Center Programs
2013-03-12 21:57 . 2013-03-12 21:57	--------	d-----w-	c:\users\Daniel\AppData\Roaming\ArcSoft
2013-03-12 21:57 . 2006-09-18 07:50	22784	----a-w-	c:\windows\SysWow64\drivers\afc.sys
2013-03-12 21:49 . 2013-03-12 21:49	28672	----a-w-	c:\windows\system32\AF15BDAEX.dll
2013-03-12 21:49 . 2013-03-12 21:49	126	----a-w-	c:\windows\system32\AF15IRTBL.bin
2013-03-12 21:49 . 2013-03-12 21:49	507392	----a-w-	c:\windows\system32\drivers\AF15BDA.sys
2013-03-11 10:43 . 2013-03-11 10:43	--------	d-----w-	c:\programdata\Local Settings
2013-03-10 15:33 . 2012-05-08 17:34	32600	----a-w-	c:\windows\system32\SmartDefragBootTime.exe
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\programdata\IObit
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\users\Daniel\AppData\Roaming\IObit
2013-03-10 15:33 . 2010-11-26 17:02	17720	----a-w-	c:\windows\system32\drivers\SmartDefragDriver.sys
2013-03-10 15:33 . 2013-03-10 15:33	--------	d-----w-	c:\program files (x86)\IObit
2013-03-09 14:07 . 2013-03-09 14:07	--------	d-----w-	c:\users\Daniel\AppData\Roaming\OpenOffice.org
2013-03-09 14:05 . 2013-03-09 14:05	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2013-03-09 12:31 . 2013-03-09 12:31	--------	d-----w-	c:\users\Daniel\AppData\Roaming\dvdcss
2013-03-09 11:43 . 2013-03-12 23:04	--------	d-----w-	c:\users\Daniel\AppData\Roaming\vlc
2013-03-09 11:39 . 2013-03-09 11:39	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-03-09 11:24 . 2013-03-09 11:24	--------	d-----w-	c:\users\Daniel\AppData\Roaming\DL
2013-03-09 11:23 . 2013-03-09 11:30	--------	d-----w-	c:\users\Daniel\.Zettelkasten
2013-03-09 10:32 . 2013-03-09 10:32	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-03-08 19:46 . 2013-03-08 19:46	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-03-08 17:00 . 2013-03-08 17:00	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Thunderbird
2013-03-08 17:00 . 2013-03-08 17:00	--------	d-----w-	c:\users\Daniel\AppData\Local\Thunderbird
2013-03-08 16:49 . 2013-03-21 21:56	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----r-	c:\program files (x86)\Skype
2013-03-08 16:49 . 2013-03-08 16:49	--------	d-----w-	c:\programdata\Skype
2013-03-08 10:38 . 2013-03-08 10:54	--------	d-----w-	c:\users\Daniel\AppData\Roaming\WindSolutions
2013-03-08 10:38 . 2013-03-08 10:41	--------	d-----w-	c:\programdata\WindSolutions
2013-03-08 02:07 . 2013-03-08 02:07	--------	d-----w-	c:\program files\CCleaner
2013-03-08 01:47 . 2013-01-13 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-03-08 01:46 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-03-08 01:46 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-03-08 01:46 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-03-08 01:46 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-03-08 01:46 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-03-08 01:46 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-03-08 01:46 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-03-08 01:46 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-03-08 01:46 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-03-08 00:30 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-03-08 00:30 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-03-08 00:30 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-03-08 00:30 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-03-08 00:27 . 2010-11-20 13:27	2851840	----a-w-	c:\windows\system32\themeui.dll.backup
2013-03-08 00:27 . 2009-07-14 01:41	44544	----a-w-	c:\windows\system32\themeservice.dll.backup
2013-03-08 00:27 . 2009-07-14 01:41	332288	----a-w-	c:\windows\system32\uxtheme.dll.backup
2013-03-08 00:25 . 2013-03-08 00:25	--------	d-----w-	c:\program files (x86)\7-Zip
2013-03-08 00:24 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24 . 2013-03-08 00:42	--------	d-----w-	c:\windows\system32\appmgmt
2013-03-08 00:15 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-03-08 00:15 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-03-08 00:15 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-03-08 00:15 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-03-08 00:15 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-03-08 00:15 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-03-08 00:15 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-03-08 00:15 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-03-08 00:15 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-03-08 00:15 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-03-08 00:15 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-03-08 00:08 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-03-08 00:08 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-03-08 00:03 . 2013-03-08 00:03	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-07 23:29 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-07 23:29 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-07 23:29 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-07 23:29 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-07 23:29 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-03-07 23:29 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-03-07 23:27 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-03-07 23:27 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-03-07 23:27 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-03-07 23:27 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-03-07 23:27 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-03-07 23:27 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 10:31 . 2012-01-31 06:11	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-08 00:27 . 2012-01-24 16:37	2851840	----a-w-	c:\windows\system32\themeui.dll
2013-03-08 00:27 . 2009-07-13 23:54	44544	----a-w-	c:\windows\system32\themeservice.dll
2013-03-08 00:27 . 2009-07-13 23:55	332288	----a-w-	c:\windows\system32\uxtheme.dll
2013-03-08 00:03 . 2012-01-03 12:49	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 13:53 . 2009-10-14 05:12	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2013-02-18 08:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	72552	----a-w-	c:\windows\system32\nvapo64v.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-20 08:31	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-20 08:31	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-20 08:31	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-20 08:31	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-20 08:31	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-20 08:31	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2009-10-14 05:13	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-08 00:07	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"64428"="c:\progra~3\dxoidaj.exe" [2010-11-20 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"1781466620"= 504b0304c1c4d969fc052f6a1204000000300000bdb4b115d2af6be88d0dc594ffffd90db7914a288095f40bbdda47aadabf662c9fb3ba34f4f2df6c8cf1f53cf3a1be08728e78783fb49269354839f8861f6a053dd0a09bfa896646414abb20a4f91ec9a2502fbe27793e723d518f9d356536e640d14262950c781337718d356909c886b71513367f09eccd113321d9265616540806e871d36d0e92dc4356d3348ad64910bac1fcd25b5358502d6809e0b979b4a1d0ebdb1e165f99740c16a5c83a9d17f5668ad2cb3dabfa36916af7cd5b8c045b63acf1516c9140be766d0e7796d132de104d86266f38c85b7fc8ed7cf62461722cec1f77bfe90de1939ed304231e541181008cc16625a639fec26346c3bea270573e77f08adc907c5881e2e8e0db9a2db0ce72b0de6ba1605a2c427ceebf13673b12e14eed8b42da2a2ac59b6150c53655cd2f0c0bbb7d72edf110bfe36995941f27cdee3381c6cbfea5f4175d68e135bfac0866055239313362db5db3914fcd0f2d417c1c00224bfeb90f71c742fb29221a96338ddb41aaee98b887dc4af7b6c32ce2257a29ee876550f605778c201d92c9b129c55cae25a61c5422285712ca007c7380325536631e5eab3f68c6c48029eec65003315a36517d38d5da65d76e38ac61860f0e19be51b7ef684be92512759c1f6a183aae945ea4e2c4a8b8562a27388edbd169c8770bd6e0c4033635a311554aa846c14454895413a104296e2fb46e2dbe00d97b6b830f754471efe6772c6e87f0e9316bc620147a7cf098206bd614b9ce01b6d149b7c27f1c82520ae0248a8e687f2d11ff37ed97486b89a4f895154a6c3b37404bc285b0d658203b2751b10768a7b33641cd8a6a787149f87f59a889a65e0dd943816479452597d21c739a2be6575a91bc0b343a208572272b892842d78a5585d7805dd6f8f450c843f80b1884d29a9a3a7cbd377edcf3d3f25af4134d6c56f6e810dd15d451fd3a8d3b6b92c263bcea9f74d4e8dbb97fccb7ef2f4e02330cbae645c9584ce10d3bd6bd6e46c8cd2ccf5ecd692a6f44dab739b06411b8ad0e93e9374f61ec0305239a81a5fbc46b7fd0b9630ea0e39e54561dfe098263a86d85c2283862c62749b3d69ce2ac15628ccbc5b2b81de5bd7360216190729cbabbe717db6ce41cb7f69f48491a6963810b6c3b8917c1f8bc021ed32ec1b86c04369ec50eb4476e1c247021af0659390a809e1a1b0b50e980f0447a217b0c166461e504fb2425d9bbcfb4a667ce00d5cc2356754dd97cc21e2258a9379211026cca4c354476868e3437643d1160363e3990151322d4d0640683ddda0bcce80bcb65b19a9d1f054f5a5ee70a979a4a897c3af504913ba3ed1d5b9a94a2910850b35ff65724ccd0168cc422d72224f48d94a3c31079a9bb6f60313bd41eb79da58359274d6334dd0dc8d23e1f87159bc2902c6a3858e550c68bb89df234dcff2710541036cb3c0c67c60007449b
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
S0 40872330;40872330;c:\windows\system32\DRIVERS\40872330.sys [2013-02-18 460888]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 09:14	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 83.169.184.33 192.168.0.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info
FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,7c,a4,b3,a5,bf,57,d6,cc,00,39,64,ec,f4,cc,9d,1c,a4,47,91,a9,
   63,86,07,8d,36,9d,ec,18,ee,2c,73,4e,3f,d8,42,24,0c,11,6e,4e,61,da,f5,82,83,\
"rkeysecu"=hex:21,1b,fa,2b,9c,f0,f2,1d,72,a5,69,33,06,a7,6d,4a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-22  12:12:30
ComboFix-quarantined-files.txt  2013-03-22 11:12
ComboFix2.txt  2013-03-22 10:50
.
Vor Suchlauf: 17 Verzeichnis(se), 105.023.717.376 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 104.962.560.000 Bytes frei
.
- - End Of File - - 814BF0CA6F7FA859B5E26497A491B0E9
         

HAL6996 ( ° )

Geändert von HAL6996 (22.03.2013 um 11:14 Uhr) Grund: Habe nicht aufgepasst!

Alt 22.03.2013, 12:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.03.2013, 13:15   #15
HAL6996
 
Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Standard

Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei



JRT Log

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by HAL9000 on 22.03.2013 at 13:40:03,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\jjoa6wuc.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 13:48:21,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

AdwCleaner Log 1

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 22/03/2013 um 13:52:15 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HAL9000 - HAL9000
# Bootmodus : Normal
# Ausgeführt unter : D:\Computer\Sicherheit\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v9.0.1 (de)

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [2352 octets] - [22/03/2013 13:50:27]
AdwCleaner[R3].txt - [2412 octets] - [22/03/2013 13:52:05]
AdwCleaner[S1].txt - [2347 octets] - [22/03/2013 13:52:15]

########## EOF - C:\AdwCleaner[S1].txt - [2407 octets] ##########
         

AdwCleaner Log 2

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 22/03/2013 um 13:50:27 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : HAL9000 - HAL9000
# Bootmodus : Normal
# Ausgeführt unter : D:\Computer\Sicherheit\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\END

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v9.0.1 (de)

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [2225 octets] - [22/03/2013 13:50:27]

########## EOF - C:\AdwCleaner[R2].txt - [2285 octets] ##########
         
OTL Log

Code:
ATTFilter
OTL logfile created on: 22.03.2013 13:57:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 68,04% Memory free
7,93 Gb Paging File | 6,55 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 97,68 Gb Free Space | 67,81% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 112,68 Gb Free Space | 80,20% Space Free | Partition Type: NTFS
 
Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (40872330) -- C:\Windows\SysNative\drivers\40872330.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 31 9F C2 0E 0B CD 01  [binary data]
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gaxpaxita.info"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 00:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 11:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.08 20:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.03 12:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.03.22 13:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.12.21 08:50:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2013.03.22 11:48:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1781466620 = 50 4B 03 04 C1 C4 D9 69 FC 05 2F 6A 12 04 00 00 00 30 00 00 BD B4 B1 15 D2 AF 6B E8 8D 0D C5 94 FF FF D9 0D B7 91 4A 28 80 95 F4 0B BD DA 47 AA DA BF 66 2C 9F B3 BA 34 F4 F2 DF 6C 8C F1 F5 3C F3 A1 BE 08 72 8E 78 78 3F B4 92 69 35 48 39 F8 86 1F 6A 05 3D D0 A0 9B FA 89 66 46 41 4A BB 20 A4 F9 1E C9 A2 50 2F BE 27 79 3E 72 3D 51 8F 9D 35 65 36 E6 40 D1 42 62 95 0C 78 13 37 71 8D 35 69 09 C8 86 B7 15 13 36 7F 09 EC CD 11 33 21 D9 26 56 16 54 08 06 E8 71 D3 6D 0E 92 DC 43 56 D3 34 8A D6 49 10 BA C1 FC D2 5B 53 58 50 2D 68 09 E0 B9 79 B4 A1 D0 EB DB 1E 16 5F 99 74 0C 16 A5 C8 3A 9D 17 F5 66 8A D2 CB 3D AB FA 36 91 6A F7 CD 5B 8C 04 5B 63 AC F1 51 6C 91 40 BE 76 6D 0E 77 96 D1 32 DE 10 4D 86 26 6F 38 C8 5B 7F C8 ED 7C F6 24 61 72 2C EC 1F 77 BF E9 0D E1 93 9E D3 04 23 1E 54 11 81 00 8C C1 66 25 A6 39 FE C2 63 46 C3 BE A2 70 57 3E 77 F0 8A DC 90 7C 58 81 E2 E8 E0 DB 9A 2D B0 CE 72 B0 DE 6B A1 60 5A 2C 42 7C EE BF 13 67 3B 12 E1 4E ED 8B 42 DA 2A 2A C5 9B 61 50 C5 36 55 CD 2F 0C 0B BB 7D 72 ED F1 10 BF E3 69 95 94 1F 27 CD EE 33 81 C6 CB FE A5 F4 17 5D 68 E1 35 BF AC 08 66 05 52 39 31 33 62 DB 5D B3 91 4F CD 0F 2D 41 7C 1C 00 22 4B FE B9 0F 71 C7 42 FB 29 22 1A 96 33 8D DB 41 AA EE 98 B8 87 DC 4A F7 B6 C3 2C E2 25 7A 29 EE 87 65 50 F6 05 77 8C 20 1D 92 C9 B1 29 C5 5C AE 25 A6 1C 54 22 28 57 12 CA 00 7C 73 80 32 55 36 63 1E 5E AB 3F 68 C6 C4 80 29 EE C6 50 03 31 5A 36 51 7D 38 D5 DA 65 D7 6E 38 AC 61 86 0F 0E 19 BE 51 B7 EF 68 4B E9 25 12 75 9C 1F 6A 18 3A AE 94 5E A4 E2 C4 A8 B8 56 2A 27 38 8E DB D1 69 C8 77 0B D6 E0 C4 03 36 35 A3 11 55 4A A8 46 C1 44 54 89 54 13 A1 04 29 6E 2F B4 6E 2D BE 00 D9 7B 6B 83 0F 75 44 71 EF E6 77 2C 6E 87 F0 E9 31 6B C6 20 14 7A 7C F0 98 20 6B D6 14 B9 CE 01 B6 D1 49 B7 C2 7F 1C 82 52 0A E0 24 8A 8E 68 7F 2D 11 FF 37 ED 97 48 6B 89 A4 F8 95 15 4A 6C 3B 37 40 4B C2 85 B0 D6 58 20 3B 27 51 B1 07 68 A7 B3 36 41 CD 8A 6A 78 71 49 F8 7F 59 A8 89 A6 5E 0D D9 43 81 64 79 45 25 97 D2 1C 73 9A 2B E6 57 5A 91 BC 0B 34 3A 20 85 72 27 2B 89 28 42 D7 8A 55 85 D7 80 5D D6 F8 F4 50 C8 43 F8 0B 18 84 D2 9A 9A 3A 7C BD 37 7E DC F3 D3 F2 5A F4 13 4D 6C 56 F6 E8 10 DD 15 D4 51 FD 3A 8D 3B 6B 92 C2 63 BC EA 9F 74 D4 E8 DB B9 7F CC B7 EF 2F 4E 02 33 0C BA E6 45 C9 58 4C E1 0D 3B D6 BD 6E 46 C8 CD 2C CF 5E CD 69 2A 6F 44 DA B7 39 B0 64 11 B8 AD 0E 93 E9 37 4F 61 EC 03 05 23 9A 81 A5 FB C4 6B 7F D0 B9 63 0E A0 E3 9E 54 56 1D FE 09 82 63 A8 6D 85 C2 28 38 62 C6 27 49 B3 D6 9C E2 AC 15 62 8C CB C5 B2 B8 1D E5 BD 73 60 21 61 90 72 9C BA BB E7 17 DB 6C E4 1C B7 F6 9F 48 49 1A 69 63 81 0B 6C 3B 89 17 C1 F8 BC 02 1E D3 2E C1 B8 6C 04 36 9E C5 0E B4 47 6E 1C 24 70 21 AF 06 59 39 0A 80 9E 1A 1B 0B 50 E9 80 F0 44 7A 21 7B 0C 16 64 61 E5 04 FB 24 25 D9 BB CF B4 A6 67 CE 00 D5 CC 23 56 75 4D D9 7C C2 1E 22 58 A9 37 92 11 02 6C CA 4C 35 44 76 86 8E 34 37 64 3D 11 60 36 3E 39 90 15 13 22 D4 D0 64 06 83 DD DA 0B CC E8 0B CB 65 B1 9A 9D 1F 05 4F 5A 5E E7 0A 97 9A 4A 89 7C 3A F5 04 91 3B A3 ED 1D 5B 9A 94 A2 91 08 50 B3 5F F6 57 24 CC D0 16 8C C4 22 D7 22 24 F4 8D 94 A3 C3 10 79 A9 BB 6F 60 31 3B D4 1E B7 9D A5 83 59 27 4D 63 34 DD 0D C8 D2 3E 1F 87 15 9B C2 90 2C 6A 38 58 E5 50 C6 8B B8 9D F2 34 DC FF 27 10 54 10 36 CB 3C 0C 67 C6 00 07 44 9B  [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64428 = c:\progra~3\dxoidaj.exe (Unjibafe. Lymen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA}: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6}: DhcpNameServer = 83.169.184.33 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.22 13:40:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.22 13:39:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.22 12:12:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.22 12:05:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.22 11:42:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.22 11:42:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.22 11:42:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.22 11:42:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.22 11:42:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.22 11:41:15 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2013.03.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.03.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.03.22 11:15:26 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.03.22 11:15:26 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.03.22 11:15:26 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.03.22 11:15:26 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.03.22 11:15:26 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.03.22 11:15:25 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.03.22 11:15:25 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.03.22 11:15:25 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.03.22 11:15:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.03.22 11:15:24 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.03.22 11:15:24 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.03.22 11:15:24 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.03.22 11:15:24 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.03.22 11:15:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.03.22 11:15:23 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.03.22 11:15:23 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.03.22 11:15:22 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.03.22 11:15:22 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.03.22 11:15:22 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.03.22 11:15:22 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.03.22 11:15:22 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.03.22 11:15:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.03.22 11:15:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.03.22 11:15:22 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.03.22 11:15:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.03.22 11:15:22 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.03.22 11:15:22 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.03.22 11:15:22 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.03.22 11:15:21 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.03.22 11:15:21 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.03.22 11:15:20 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.03.22 11:15:20 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.03.22 11:15:20 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.03.22 11:15:20 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.03.22 11:15:20 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.03.22 11:15:20 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.03.22 11:15:20 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.03.22 11:15:20 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.03.22 11:15:19 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.03.22 11:15:19 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.03.22 11:15:19 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.03.22 11:15:19 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.03.22 11:15:19 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.03.22 11:15:15 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.03.22 11:15:15 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.03.22 11:15:15 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.03.22 11:15:15 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.03.22 11:15:14 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.03.22 11:15:14 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.03.22 11:15:14 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.03.22 11:15:14 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.03.22 11:15:14 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.03.22 11:15:14 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.03.22 11:15:14 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.03.22 11:15:14 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.03.22 11:15:14 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.03.22 11:15:14 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.03.22 11:15:13 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.03.22 11:15:13 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.03.22 11:15:13 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.03.22 11:15:13 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.03.22 11:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.03.21 10:32:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.03.20 23:40:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\MBA
[2013.03.20 10:01:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.20 09:27:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.20 09:27:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.20 09:27:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.20 09:27:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.20 09:27:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.20 09:27:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.20 09:27:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.20 09:27:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.20 09:27:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.20 09:27:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.20 09:27:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.20 09:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.20 09:27:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.20 09:27:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.20 09:27:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013.03.19 22:23:54 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\40872330.sys
[2013.03.19 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.19 09:54:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Malware
[2013.03.19 09:53:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2013.03.19 09:49:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2013.03.18 11:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.03.18 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.03.18 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.18 11:31:40 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 10:36:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\QuickScan
[2013.03.18 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.17 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\http___www.julien-manici
[2013.03.17 11:05:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2013.03.17 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2013.03.12 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft
[2013.03.12 22:57:30 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2013.03.12 22:49:07 | 000,028,672 | ---- | C] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,507,392 | ---- | C] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.11 11:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013.03.10 23:53:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Local Settings
[2013.03.10 16:33:46 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013.03.10 16:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\IObit
[2013.03.10 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.03.10 16:14:45 | 000,000,000 | R--D | C] -- C:\Users\Daniel\Documents\Scanned Documents
[2013.03.10 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Fax
[2013.03.09 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013.03.09 15:06:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.03.09 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.03.09 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\dvdcss
[2013.03.09 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc
[2013.03.09 12:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.03.09 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DL
[2013.03.09 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.Zettelkasten
[2013.03.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2013.03.08 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Skype
[2013.03.08 17:49:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.08 17:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.03.08 03:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.08 02:49:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.08 02:49:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.08 02:49:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.08 02:49:30 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.03.08 02:49:30 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.03.08 02:49:30 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.03.08 02:49:30 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.03.08 02:49:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.03.08 02:49:30 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.03.08 02:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.03.08 02:49:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.08 02:49:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.03.08 02:49:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.03.08 02:49:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.03.08 02:49:29 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.08 02:49:29 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.03.08 02:49:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.03.08 02:49:28 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.08 02:47:22 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.08 02:47:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.08 02:47:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.08 02:47:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.08 02:47:09 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.08 02:47:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.08 02:47:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.08 02:47:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.08 02:47:07 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.08 02:47:07 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.08 02:47:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.08 02:47:07 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.08 02:47:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.08 02:47:07 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.08 02:47:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.08 02:47:06 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.08 02:47:06 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.08 02:46:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.03.08 02:46:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.03.08 02:46:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.03.08 01:31:39 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.08 01:30:09 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.03.08 01:30:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.03.08 01:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack
[2013.03.08 01:28:33 | 006,676,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2013.03.08 01:28:33 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.08 01:28:32 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2013.03.08 01:28:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013.03.08 01:28:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.08 01:28:27 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagesp1.dll
[2013.03.08 01:28:12 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll
[2013.03.08 01:28:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2013.03.08 01:28:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2013.03.08 01:28:09 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2013.03.08 01:28:09 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013.03.08 01:28:06 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2013.03.08 01:28:01 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2013.03.08 01:27:50 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2013.03.08 01:27:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.08 01:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.08 01:15:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.03.08 01:15:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.03.08 01:15:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.03.08 01:15:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.03.08 01:15:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.03.08 01:15:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.03.08 01:15:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.03.08 01:15:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.03.08 01:09:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.03.08 01:09:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.03.08 01:09:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.08 01:09:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.03.08 01:09:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.03.08 01:08:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.03.08 01:07:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.03.08 01:07:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.03.08 01:07:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.03.08 01:07:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.03.08 01:07:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.03.08 01:07:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.03.08 01:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.03.08 01:07:37 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.03.08 01:07:13 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.03.08 01:07:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.03.08 01:03:11 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 00:29:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.08 00:29:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.08 00:29:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.08 00:29:06 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.08 00:29:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.03.08 00:28:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.03.08 00:28:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.03.08 00:28:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.03.08 00:28:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.03.08 00:28:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.03.08 00:28:40 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.03.08 00:28:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.03.08 00:28:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.03.08 00:28:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.03.08 00:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.03.08 00:28:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.03.08 00:28:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.03.08 00:28:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.03.08 00:28:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.03.08 00:28:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.03.08 00:28:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.03.08 00:28:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.03.08 00:28:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.03.08 00:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.03.08 00:28:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.03.08 00:28:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.03.08 00:28:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.03.08 00:28:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.03.08 00:28:04 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.03.08 00:28:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.03.08 00:27:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.03.08 00:27:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.01.24 17:36:25 | 000,055,296 | -HS- | C] (Unjibafe. Lymen) -- C:\ProgramData\dxoidaj.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.22 13:58:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.22 13:58:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.22 13:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.22 13:53:27 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.22 13:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.22 11:48:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.22 11:41:47 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2013.03.21 10:52:06 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.03.21 10:34:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.03.21 10:20:56 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 11:31:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.18 11:31:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.18 11:31:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.17 15:02:21 | 000,000,017 | ---- | M] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.12 22:49:03 | 000,507,392 | ---- | M] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.12 22:49:03 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.11 00:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 04:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 02:17:28 | 000,609,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.08 02:17:28 | 000,113,108 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.08 01:32:15 | 001,456,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.08 01:32:15 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.08 01:32:15 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 01:27:50 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2013.03.08 01:27:48 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.08 01:03:11 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 01:03:11 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.03.22 11:42:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.22 11:42:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.22 11:42:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.22 11:42:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.22 11:42:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.22 11:15:22 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.03.21 10:52:06 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.03.21 10:20:45 | 000,294,168 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.17 15:02:21 | 000,000,017 | ---- | C] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.17 11:05:04 | 000,001,803 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.03.12 23:22:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.12 23:22:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.03.12 22:49:07 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.12 12:46:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.03.10 16:33:20 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013.03.08 04:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 01:30:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.08 01:15:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.04.08 18:27:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.03 10:28:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.01.03 10:28:18 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.01.03 10:28:18 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.01.03 10:28:18 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Ich habe bei OTL noch nicht gefixt. War das richtig? Vielen Dank!


HAL6996 ( ° )

Antwort

Themen zu Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei
administrator, anti-malware, appdata, autostart, c:\windows, csrss.exe, explorer, löschen?, malwarebytes, microsoft, pum.userwload, regedit.exe, rundll32.exe, svchost.exe, trojan.agent, trojan.agent.cv, trojan.agent.ge, trojan.agent.gen, trojan.downloader, trojan.ransom, trojan.ransom.gen, win32/bundpil.a, win32/kryptik.axac, win32/trojandownloader.wauchos.a



Ähnliche Themen: Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei


  1. Verständnis Frage; Malwarebytes Anti-Malware vs. Malwarebytes Anti-Rootkit
    Antiviren-, Firewall- und andere Schutzprogramme - 21.12.2014 (3)
  2. Malwarebytes Anti-Malware
    Diskussionsforum - 21.05.2014 (7)
  3. Win7, firefox startet nicht, Malware laut Malwarebytes Anti-Malware, Security.Hijack
    Log-Analyse und Auswertung - 30.03.2014 (9)
  4. Trojaner und Malware auf meinem Laptop! Malwarebytes Anti-Malware hat 733 aufgespuert
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (19)
  5. Malwarebytes Anti-Malware findet Malware.NSPack
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (13)
  6. Virus? Malwarebytes Anti-Malware Logdatei
    Log-Analyse und Auswertung - 02.04.2013 (14)
  7. Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (14)
  8. Malwarebytes Anti-Malware Einstellungen
    Alles rund um Windows - 10.01.2013 (0)
  9. Email Accounts gehackt! Malwarebytes-Anti Malware Funde: Trojan.Refroso uvm. Wer kann mir helfen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (3)
  10. kann Malwarebytes Anti-Malware nicht als Admin installieren
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (1)
  11. Malwarebytes Anti Malware LOG! (19.3.2012)
    Log-Analyse und Auswertung - 20.03.2012 (1)
  12. Malwarebytes Anti Malware LOG!
    Log-Analyse und Auswertung - 22.03.2011 (3)
  13. Malwarebytes Anti-Malware hat was gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (26)
  14. Kann "Malwarebytes-Anti-Malware" nicht öffnen!
    Log-Analyse und Auswertung - 23.12.2009 (1)
  15. Malwarebytes Anti-Malware
    Antiviren-, Firewall- und andere Schutzprogramme - 11.10.2009 (10)
  16. Frage zu Malwarebytes Anti-Malware
    Antiviren-, Firewall- und andere Schutzprogramme - 08.06.2009 (1)

Zum Thema Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei - Liebe PC-Freunde! Ich habe einen Quick-Scan mit Malwarebytes Anti-Malware durchgeführt und folgende Logdatei vorliegen: Malwarebytes Anti-Malware (Test) 1.70.0.1100 Datenbank Version: v2013.03.19.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer - Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei...
Archiv
Du betrachtest: Was kann ich löschen? > Malwarebytes Anti-Malware Logdatei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.