
Log analysis and evaluation: Malware Trojan in service.exe

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.07.2013, 17:51   #1
Tim Weber
 


Hello Trojaner-Board!

Unfortunately I caught a Trojan, because for a while I had no security software installed. So I got avast antivirus and ran a full scan with it, successfully. Unfortunately I made the mistake of trying to delete the infections it found. Now I keep getting the same error message about malware named:
C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\U\80000000.@
and
C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\U\800000cb.@

Infection (for both): Win32:Malware-gen
Process (for both): C:\Windows\System32\services.exe

Another warning message named the Trojan "Patched-AKC".

Following your thread-preparation instructions, I ran 3 programs; you will find the documents attached.

Unfortunately I cannot attach gmer.txt and OTL.txt because they are too large.

How can I send them to you?

I hope you can help me somehow; I look forward to a reply and thank you very much in advance!

Many thanks,

Tim Weber
Attached files
File type: log defogger_disable.log (480 bytes, viewed 136 times)
File type: txt Extras.Txt (46.7 KB, viewed 155 times)

29.07.2013, 17:58   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

29.07.2013, 21:07   #3
Tim Weber
 



21:58:10.0540 13776 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:58:12.0552 13776 ============================================================
21:58:12.0552 13776 Current date / time: 2013/07/29 21:58:12.0552
21:58:12.0552 13776 SystemInfo:
21:58:12.0552 13776
21:58:12.0552 13776 OS Version: 6.1.7601 ServicePack: 1.0
21:58:12.0552 13776 Product type: Workstation
21:58:12.0552 13776 ComputerName: PUPSRAKETE
21:58:12.0552 13776 UserName: Tim Weber
21:58:12.0552 13776 Windows directory: C:\Windows
21:58:12.0552 13776 System windows directory: C:\Windows
21:58:12.0552 13776 Running under WOW64
21:58:12.0552 13776 Processor architecture: Intel x64
21:58:12.0552 13776 Number of processors: 4
21:58:12.0552 13776 Page size: 0x1000
21:58:12.0552 13776 Boot type: Normal boot
21:58:12.0552 13776 ============================================================
21:58:13.0566 13776 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:13.0597 13776 Drive \Device\Harddisk1\DR1 - Size: 0x3C1C00000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:58:13.0597 13776 ============================================================
21:58:13.0597 13776 \Device\Harddisk0\DR0:
21:58:13.0597 13776 MBR partitions:
21:58:13.0597 13776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x5D269000
21:58:13.0597 13776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5EEC7800, BlocksNum 0x89F40800
21:58:13.0597 13776 \Device\Harddisk1\DR1:
21:58:13.0597 13776 MBR partitions:
21:58:13.0597 13776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1E0C000
21:58:13.0597 13776 ============================================================
21:58:13.0613 13776 C: <-> \Device\Harddisk0\DR0\Partition1
21:58:13.0644 13776 D: <-> \Device\Harddisk0\DR0\Partition2
21:58:13.0644 13776 ============================================================
21:58:13.0644 13776 Initialize success
21:58:13.0644 13776 ============================================================
21:58:14.0736 15392 ============================================================
21:58:14.0736 15392 Scan started
21:58:14.0736 15392 Mode: Manual;
21:58:14.0736 15392 ============================================================
21:58:15.0469 15392 ================ Scan system memory ========================
21:58:15.0469 15392 System memory - ok
21:58:15.0469 15392 ================ Scan services =============================
21:58:20.0804 15392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:58:20.0804 15392 Msfs - ok
21:58:20.0820 15392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:58:20.0820 15392 mshidkmdf - ok
21:58:20.0820 15392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:58:20.0820 15392 msisadrv - ok
21:58:20.0851 15392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:58:20.0851 15392 MSiSCSI - ok
21:58:20.0851 15392 msiserver - ok
21:58:20.0867 15392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:58:20.0867 15392 MSKSSRV - ok
21:58:20.0882 15392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:20.0882 15392 MSPCLOCK - ok
21:58:20.0898 15392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:58:20.0898 15392 MSPQM - ok
21:58:20.0914 15392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:58:20.0914 15392 MsRPC - ok
21:58:20.0929 15392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:58:20.0929 15392 mssmbios - ok
21:58:20.0945 15392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:58:20.0945 15392 MSTEE - ok
21:58:20.0945 15392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:58:20.0945 15392 MTConfig - ok
21:58:20.0960 15392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:58:20.0976 15392 Mup - ok
21:58:20.0992 15392 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\drivers\mv91xx.sys
21:58:21.0007 15392 mv91xx - ok
21:58:21.0023 15392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:58:21.0038 15392 napagent - ok
21:58:21.0054 15392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:58:21.0054 15392 NativeWifiP - ok
21:58:21.0085 15392 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:58:21.0085 15392 NDIS - ok
21:58:21.0101 15392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:58:21.0101 15392 NdisCap - ok
21:58:21.0132 15392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:21.0132 15392 NdisTapi - ok
21:58:21.0148 15392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:21.0148 15392 Ndisuio - ok
21:58:21.0148 15392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:21.0163 15392 NdisWan - ok
21:58:21.0163 15392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:58:21.0163 15392 NDProxy - ok
21:58:21.0194 15392 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:58:21.0194 15392 Net Driver HPZ12 - ok
21:58:21.0210 15392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:58:21.0210 15392 NetBIOS - ok
21:58:21.0226 15392 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:58:21.0226 15392 NetBT - ok
21:58:21.0226 15392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:58:21.0241 15392 Netlogon - ok
21:58:21.0272 15392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:58:21.0272 15392 Netman - ok
21:58:21.0288 15392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:58:21.0288 15392 netprofm - ok
21:58:21.0350 15392 [ 53D7442AA919C91D055DBD44635F32B1 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
21:58:21.0350 15392 netr28ux - ok
21:58:21.0397 15392 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
21:58:21.0397 15392 netr28x - ok
21:58:21.0428 15392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:58:21.0428 15392 NetTcpPortSharing - ok
21:58:21.0428 15392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:58:21.0428 15392 nfrd960 - ok
21:58:21.0444 15392 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:58:21.0444 15392 NlaSvc - ok
21:58:21.0460 15392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:58:21.0460 15392 Npfs - ok
21:58:21.0475 15392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:58:21.0475 15392 nsi - ok
21:58:21.0475 15392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:58:21.0475 15392 nsiproxy - ok
21:58:21.0506 15392 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:58:21.0522 15392 Ntfs - ok
21:58:21.0538 15392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:58:21.0538 15392 Null - ok
21:58:21.0553 15392 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
21:58:21.0553 15392 nusb3hub - ok
21:58:21.0569 15392 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
21:58:21.0569 15392 nusb3xhc - ok
21:58:21.0616 15392 [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:58:21.0616 15392 NVHDA - ok
21:58:21.0787 15392 [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:58:21.0818 15392 nvlddmkm - ok
21:58:21.0850 15392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:58:21.0850 15392 nvraid - ok
21:58:21.0865 15392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:58:21.0865 15392 nvstor - ok
21:58:21.0928 15392 [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:58:21.0928 15392 nvsvc - ok
21:58:21.0943 15392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:58:21.0943 15392 nv_agp - ok
21:58:21.0974 15392 [ 6D566CD4BBB53CA50722CDD1C443045C ] NxpCap64 C:\Windows\system32\DRIVERS\NxpCap64.sys
21:58:21.0990 15392 NxpCap64 - ok
21:58:22.0006 15392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:58:22.0006 15392 ohci1394 - ok
21:58:22.0052 15392 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:22.0052 15392 ose - ok
21:58:22.0084 15392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:58:22.0084 15392 p2pimsvc - ok
21:58:22.0115 15392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:58:22.0115 15392 p2psvc - ok
21:58:22.0130 15392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:58:22.0130 15392 Parport - ok
21:58:22.0162 15392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:58:22.0162 15392 partmgr - ok
21:58:22.0193 15392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:58:22.0193 15392 PcaSvc - ok
21:58:22.0208 15392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:58:22.0208 15392 pci - ok
21:58:22.0208 15392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:58:22.0208 15392 pciide - ok
21:58:22.0224 15392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:58:22.0240 15392 pcmcia - ok
21:58:22.0255 15392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:58:22.0255 15392 pcw - ok
21:58:22.0271 15392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:58:22.0286 15392 PEAUTH - ok
21:58:22.0333 15392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:58:22.0333 15392 PerfHost - ok
21:58:22.0380 15392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:58:22.0380 15392 pla - ok
21:58:22.0411 15392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:58:22.0427 15392 PlugPlay - ok
21:58:22.0442 15392 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:58:22.0442 15392 Pml Driver HPZ12 - ok
21:58:22.0458 15392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:58:22.0458 15392 PNRPAutoReg - ok
21:58:22.0458 15392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:58:22.0458 15392 PNRPsvc - ok
21:58:22.0489 15392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:58:22.0489 15392 PolicyAgent - ok
21:58:22.0505 15392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:58:22.0505 15392 Power - ok
21:58:22.0520 15392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:58:22.0520 15392 PptpMiniport - ok
21:58:22.0520 15392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:58:22.0520 15392 Processor - ok
21:58:22.0552 15392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:58:22.0552 15392 ProfSvc - ok
21:58:22.0567 15392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:58:22.0567 15392 ProtectedStorage - ok
21:58:22.0583 15392 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:58:22.0583 15392 Psched - ok
21:58:22.0614 15392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:58:22.0630 15392 ql2300 - ok
21:58:22.0645 15392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:58:22.0645 15392 ql40xx - ok
21:58:22.0661 15392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:58:22.0661 15392 QWAVE - ok
21:58:22.0676 15392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:58:22.0676 15392 QWAVEdrv - ok
21:58:22.0723 15392 [ 720FEA3AAA15FE7E0BEAB10AC2E6D2B0 ] RalinkRegistryWriter C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
21:58:22.0723 15392 RalinkRegistryWriter - ok
21:58:22.0739 15392 [ 178CEF55E09DC320FF6561D4EEB4F632 ] RalinkRegistryWriter64 C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
21:58:22.0739 15392 RalinkRegistryWriter64 - ok
21:58:22.0754 15392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:58:22.0754 15392 RasAcd - ok
21:58:22.0770 15392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:58:22.0770 15392 RasAgileVpn - ok
21:58:22.0786 15392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:58:22.0801 15392 RasAuto - ok
21:58:22.0817 15392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:58:22.0817 15392 Rasl2tp - ok
21:58:22.0848 15392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:58:22.0864 15392 RasMan - ok
21:58:22.0879 15392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:58:22.0879 15392 RasPppoe - ok
21:58:22.0879 15392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:58:22.0879 15392 RasSstp - ok
21:58:22.0895 15392 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:58:22.0895 15392 rdbss - ok
21:58:22.0910 15392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:58:22.0910 15392 rdpbus - ok
21:58:22.0942 15392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:58:22.0942 15392 RDPCDD - ok
21:58:22.0957 15392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:58:22.0957 15392 RDPENCDD - ok
21:58:22.0957 15392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:58:22.0957 15392 RDPREFMP - ok
21:58:22.0988 15392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:58:22.0988 15392 RDPWD - ok
21:58:23.0004 15392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:58:23.0004 15392 rdyboost - ok
21:58:23.0020 15392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:58:23.0020 15392 RemoteAccess - ok
21:58:23.0035 15392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:58:23.0051 15392 RemoteRegistry - ok
21:58:23.0066 15392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:58:23.0066 15392 RpcEptMapper - ok
21:58:23.0082 15392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:58:23.0082 15392 RpcLocator - ok
21:58:23.0098 15392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:58:23.0098 15392 RpcSs - ok
21:58:23.0113 15392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:58:23.0113 15392 rspndr - ok
21:58:23.0144 15392 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:58:23.0144 15392 RTL8167 - ok
21:58:23.0160 15392 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:58:23.0160 15392 RtNdPt60 - ok
21:58:23.0191 15392 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
21:58:23.0191 15392 RTTEAMPT - ok
21:58:23.0191 15392 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
21:58:23.0191 15392 RTVLANPT - ok
21:58:23.0207 15392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:58:23.0207 15392 SamSs - ok
21:58:23.0222 15392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:58:23.0222 15392 sbp2port - ok
21:58:23.0238 15392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:58:23.0254 15392 SCardSvr - ok
21:58:23.0269 15392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:58:23.0269 15392 scfilter - ok
21:58:23.0300 15392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:58:23.0316 15392 Schedule - ok
21:58:23.0332 15392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:58:23.0332 15392 SCPolicySvc - ok
21:58:23.0347 15392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:58:23.0363 15392 SDRSVC - ok
21:58:23.0378 15392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:58:23.0378 15392 secdrv - ok
21:58:23.0394 15392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:58:23.0394 15392 seclogon - ok
21:58:23.0410 15392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:58:23.0410 15392 SENS - ok
21:58:23.0410 15392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:58:23.0410 15392 SensrSvc - ok
21:58:23.0425 15392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:58:23.0425 15392 Serenum - ok
21:58:23.0456 15392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:58:23.0456 15392 Serial - ok
21:58:23.0456 15392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:58:23.0456 15392 sermouse - ok
21:58:23.0472 15392 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:58:23.0488 15392 SessionEnv - ok
21:58:23.0488 15392 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:58:23.0488 15392 sffdisk - ok
21:58:23.0503 15392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:58:23.0503 15392 sffp_mmc - ok
21:58:23.0503 15392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:58:23.0503 15392 sffp_sd - ok
21:58:23.0534 15392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:58:23.0534 15392 sfloppy - ok
21:58:23.0550 15392 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:58:23.0550 15392 ShellHWDetection - ok
21:58:23.0550 15392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:58:23.0550 15392 SiSRaid2 - ok
21:58:23.0566 15392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:58:23.0566 15392 SiSRaid4 - ok
21:58:23.0690 15392 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:58:23.0690 15392 Skype C2C Service - ok
21:58:23.0753 15392 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:58:23.0753 15392 SkypeUpdate - ok
21:58:23.0768 15392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:58:23.0768 15392 Smb - ok
21:58:23.0800 15392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:58:23.0800 15392 SNMPTRAP - ok
21:58:23.0800 15392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:58:23.0800 15392 spldr - ok
21:58:23.0831 15392 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
21:58:23.0831 15392 Spooler - ok
21:58:23.0893 15392 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:58:23.0909 15392 sppsvc - ok
21:58:23.0924 15392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:58:23.0940 15392 sppuinotify - ok
21:58:23.0956 15392 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:58:23.0956 15392 srv - ok
21:58:23.0971 15392 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:58:23.0971 15392 srv2 - ok
21:58:23.0987 15392 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:58:23.0987 15392 srvnet - ok
21:58:24.0002 15392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:58:24.0002 15392 SSDPSRV - ok
21:58:24.0018 15392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:58:24.0018 15392 SstpSvc - ok
21:58:24.0080 15392 Steam Client Service - ok
21:58:24.0096 15392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:58:24.0096 15392 stexstor - ok
21:58:24.0127 15392 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:58:24.0127 15392 StillCam - ok
21:58:24.0143 15392 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:58:24.0158 15392 stisvc - ok
21:58:24.0158 15392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:58:24.0158 15392 swenum - ok
21:58:24.0174 15392 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:58:24.0174 15392 swprv - ok
21:58:24.0205 15392 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:58:24.0221 15392 SysMain - ok
21:58:24.0236 15392 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:58:24.0236 15392 TabletInputService - ok
21:58:24.0252 15392 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:58:24.0252 15392 TapiSrv - ok
21:58:24.0268 15392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:58:24.0268 15392 TBS - ok
21:58:24.0330 15392 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:58:24.0346 15392 Tcpip - ok
21:58:24.0377 15392 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:58:24.0377 15392 TCPIP6 - ok
21:58:24.0392 15392 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:58:24.0392 15392 tcpipreg - ok
21:58:24.0408 15392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:58:24.0408 15392 TDPIPE - ok
21:58:24.0439 15392 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:58:24.0439 15392 TDTCP - ok
21:58:24.0439 15392 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:58:24.0455 15392 tdx - ok
21:58:24.0470 15392 [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
21:58:24.0470 15392 TEAM - ok
21:58:24.0486 15392 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:58:24.0486 15392 TermDD - ok
21:58:24.0517 15392 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:58:24.0517 15392 TermService - ok
21:58:24.0533 15392 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:58:24.0533 15392 Themes - ok
21:58:24.0564 15392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:58:24.0564 15392 THREADORDER - ok
21:58:24.0642 15392 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
21:58:24.0642 15392 tmactmon - ok
21:58:24.0751 15392 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
21:58:24.0751 15392 tmcomm - ok
21:58:24.0767 15392 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
21:58:24.0767 15392 tmevtmgr - ok
21:58:24.0798 15392 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
21:58:24.0798 15392 tmtdi - ok
21:58:24.0814 15392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:58:24.0814 15392 TrkWks - ok
21:58:24.0860 15392 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:58:24.0860 15392 TrustedInstaller - ok
21:58:24.0876 15392 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:58:24.0892 15392 tssecsrv - ok
21:58:24.0892 15392 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:58:24.0892 15392 TsUsbFlt - ok
21:58:24.0907 15392 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:58:24.0907 15392 TsUsbGD - ok
21:58:24.0923 15392 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:58:24.0923 15392 tunnel - ok
21:58:24.0938 15392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:58:24.0938 15392 uagp35 - ok
21:58:24.0970 15392 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:58:24.0970 15392 udfs - ok
21:58:25.0032 15392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:58:25.0032 15392 UI0Detect - ok
21:58:25.0048 15392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:58:25.0048 15392 uliagpkx - ok
21:58:25.0063 15392 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:58:25.0063 15392 umbus - ok
21:58:25.0094 15392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:58:25.0094 15392 UmPass - ok
21:58:25.0188 15392 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:58:25.0204 15392 UNS - ok
21:58:25.0219 15392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:58:25.0219 15392 upnphost - ok
21:58:25.0250 15392 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:58:25.0266 15392 USBAAPL64 - ok
21:58:25.0297 15392 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:58:25.0297 15392 usbaudio - ok
21:58:25.0297 15392 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:58:25.0313 15392 usbccgp - ok
21:58:25.0328 15392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:58:25.0328 15392 usbcir - ok
21:58:25.0344 15392 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:58:25.0344 15392 usbehci - ok
21:58:25.0360 15392 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:58:25.0360 15392 usbhub - ok
21:58:25.0375 15392 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:58:25.0375 15392 usbohci - ok
21:58:25.0391 15392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:58:25.0391 15392 usbprint - ok
21:58:25.0438 15392 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:58:25.0438 15392 usbscan - ok
21:58:25.0453 15392 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:58:25.0453 15392 USBSTOR - ok
21:58:25.0484 15392 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:58:25.0484 15392 usbuhci - ok
21:58:25.0516 15392 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:58:25.0531 15392 usbvideo - ok
21:58:25.0547 15392 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
21:58:25.0547 15392 usb_rndisx - ok
21:58:25.0562 15392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:58:25.0562 15392 UxSms - ok
21:58:25.0578 15392 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:58:25.0578 15392 VaultSvc - ok
21:58:25.0578 15392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:58:25.0578 15392 vdrvroot - ok
21:58:25.0609 15392 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:58:25.0609 15392 vds - ok
21:58:25.0625 15392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:58:25.0625 15392 vga - ok
21:58:25.0640 15392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:58:25.0640 15392 VgaSave - ok
21:58:25.0656 15392 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:58:25.0656 15392 vhdmp - ok
21:58:25.0656 15392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:58:25.0656 15392 viaide - ok
21:58:25.0687 15392 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] VLAN C:\Windows\system32\DRIVERS\RtVLAN60.sys
21:58:25.0687 15392 VLAN - ok
21:58:25.0703 15392 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:58:25.0703 15392 volmgr - ok
21:58:25.0718 15392 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:58:25.0718 15392 volmgrx - ok
21:58:25.0734 15392 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:58:25.0734 15392 volsnap - ok
21:58:25.0765 15392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:58:25.0781 15392 vsmraid - ok
21:58:25.0812 15392 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:58:25.0828 15392 VSS - ok
21:58:25.0828 15392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:58:25.0828 15392 vwifibus - ok
21:58:25.0859 15392 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:58:25.0859 15392 vwififlt - ok
21:58:25.0890 15392 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:58:25.0890 15392 vwifimp - ok
21:58:25.0921 15392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:58:25.0937 15392 W32Time - ok
21:58:25.0952 15392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:58:25.0952 15392 WacomPen - ok
21:58:25.0968 15392 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:58:25.0968 15392 WANARP - ok
21:58:25.0968 15392 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:58:25.0968 15392 Wanarpv6 - ok
21:58:25.0999 15392 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:58:25.0999 15392 wbengine - ok
21:58:26.0046 15392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:58:26.0046 15392 WbioSrvc - ok
21:58:26.0062 15392 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:58:26.0062 15392 wcncsvc - ok
21:58:26.0077 15392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:58:26.0077 15392 WcsPlugInService - ok
21:58:26.0093 15392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:58:26.0093 15392 Wd - ok
21:58:26.0108 15392 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:58:26.0108 15392 Wdf01000 - ok
21:58:26.0124 15392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:58:26.0124 15392 WdiServiceHost - ok
21:58:26.0124 15392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:58:26.0124 15392 WdiSystemHost - ok
21:58:26.0140 15392 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:58:26.0140 15392 WebClient - ok
21:58:26.0140 15392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:58:26.0155 15392 Wecsvc - ok
21:58:26.0155 15392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:58:26.0171 15392 wercplsupport - ok
21:58:26.0171 15392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:58:26.0186 15392 WerSvc - ok
21:58:26.0186 15392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:58:26.0186 15392 WfpLwf - ok
21:58:26.0202 15392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:58:26.0202 15392 WIMMount - ok
21:58:26.0202 15392 WinHttpAutoProxySvc - ok
21:58:26.0249 15392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:58:26.0249 15392 Winmgmt - ok
21:58:26.0296 15392 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:58:26.0327 15392 WinRM - ok
21:58:26.0342 15392 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:58:26.0342 15392 WinUsb - ok
21:58:26.0374 15392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:58:26.0374 15392 Wlansvc - ok
21:58:26.0436 15392 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:58:26.0436 15392 wlcrasvc - ok
21:58:26.0514 15392 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:58:26.0514 15392 wlidsvc - ok
21:58:26.0530 15392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:58:26.0530 15392 WmiAcpi - ok
21:58:26.0545 15392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:58:26.0545 15392 wmiApSrv - ok
21:58:26.0561 15392 WMPNetworkSvc - ok
21:58:26.0576 15392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:58:26.0576 15392 WPCSvc - ok
21:58:26.0576 15392 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:58:26.0576 15392 WPDBusEnum - ok
21:58:26.0592 15392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:58:26.0592 15392 ws2ifsl - ok
21:58:26.0608 15392 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:58:26.0608 15392 wscsvc - ok
21:58:26.0623 15392 WSearch - ok
21:58:26.0639 15392 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:58:26.0639 15392 WudfPf - ok
21:58:26.0654 15392 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:58:26.0654 15392 WUDFRd - ok
21:58:26.0654 15392 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:58:26.0654 15392 wudfsvc - ok
21:58:26.0670 15392 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:58:26.0670 15392 WwanSvc - ok
21:58:26.0701 15392 ================ Scan global ===============================
21:58:26.0717 15392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:58:26.0732 15392 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:58:26.0732 15392 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:58:26.0779 15392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:58:26.0795 15392 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
21:58:26.0810 15392 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
21:58:26.0810 15392 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
21:58:26.0810 15392 ================ Scan MBR ==================================
21:58:26.0826 15392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:58:26.0998 15392 \Device\Harddisk0\DR0 - ok
21:58:27.0013 15392 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:58:27.0013 15392 \Device\Harddisk1\DR1 - ok
21:58:27.0013 15392 ================ Scan VBR ==================================
21:58:27.0029 15392 [ 1D4E75B5FB0999504AFCDFEF6E771044 ] \Device\Harddisk0\DR0\Partition1
21:58:27.0029 15392 \Device\Harddisk0\DR0\Partition1 - ok
21:58:27.0044 15392 [ 2C07BDEACD4EFC304CE769B0E854864E ] \Device\Harddisk0\DR0\Partition2
21:58:27.0044 15392 \Device\Harddisk0\DR0\Partition2 - ok
21:58:27.0044 15392 [ 905DD6D827E5EBCB39D458E0DC460E38 ] \Device\Harddisk1\DR1\Partition1
21:58:27.0044 15392 \Device\Harddisk1\DR1\Partition1 - ok
21:58:27.0044 15392 ============================================================
21:58:27.0044 15392 Scan finished
21:58:27.0044 15392 ============================================================
21:58:27.0044 15384 Detected object count: 1
21:58:27.0044 15384 Actual detected object count: 1
21:58:32.0364 15384 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
21:58:32.0364 15384 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip









That is what TDSSKiller reported. One more question: sometimes I have problems with my internet connection until a pop-up from avast antivirus appears with the message: Malware blocked. From then on it works flawlessly again. Is there anything I can do about that? I will also post the results from OTL and gmer.


Thanks again,

Tim Weber
__________________

29.07.2013, 21:08   #4
Tim Weber
 



OTL:




OTL Logfile:
Code:
OTL logfile created on: 29.07.2013 16:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim Weber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 79,62% Memory free
15,96 Gb Paging File | 13,47 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,21 Gb Total Space | 345,84 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive D: | 1103,63 Gb Total Space | 205,87 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive F: | 15,02 Gb Total Space | 9,67 Gb Free Space | 64,36% Space Free | Partition Type: FAT32
 
Computer Name: PUPSRAKETE | User Name: Tim Weber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.29 15:55:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim Weber\Desktop\OTL.exe
PRC - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.07.10 03:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.06.28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.06.16 15:56:50 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2013.06.06 06:47:59 | 003,456,080 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.01.18 21:29:28 | 001,209,392 | ---- | M] () -- C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid\Hoolapp.exe
PRC - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011.06.13 10:36:54 | 000,922,240 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
PRC - [2011.05.25 06:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.12 02:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010.11.27 07:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.09 01:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010.10.21 11:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.09.25 07:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010.03.19 08:48:54 | 001,626,112 | ---- | M] (Sitecom Europe BV.) -- C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
PRC - [2009.12.31 03:20:16 | 000,195,200 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
PRC - [2009.12.23 23:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009.12.23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009.12.15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.10 03:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.07.09 23:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.07.01 18:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.06.16 15:57:42 | 000,021,272 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.06.16 15:57:36 | 000,025,368 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.06.16 15:57:34 | 000,019,736 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.06.16 15:57:28 | 000,013,592 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.06.16 15:57:26 | 000,245,528 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
MOD - [2013.06.16 15:57:26 | 000,051,480 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.06.16 15:57:24 | 000,111,896 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.06.16 15:57:14 | 000,053,016 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.06.16 15:57:10 | 000,078,104 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.06.16 15:57:10 | 000,016,152 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.06.16 15:57:06 | 000,149,784 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.06.16 15:57:04 | 000,057,112 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.06.16 15:57:00 | 000,012,568 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.06.16 15:56:58 | 000,032,024 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.06.16 15:56:58 | 000,013,592 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.06.16 15:56:56 | 000,014,104 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.06.16 15:56:54 | 001,710,872 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.06.16 15:56:52 | 000,722,712 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.06.16 15:56:52 | 000,081,176 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.06.16 15:55:40 | 000,047,384 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.06.16 15:55:26 | 000,025,368 | ---- | M] () -- C:\Users\Tim Weber\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.06.15 01:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.06.15 01:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.06.15 01:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013.06.06 06:47:59 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013.01.19 00:08:11 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013.01.19 00:08:11 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
MOD - [2013.01.19 00:08:10 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013.01.19 00:08:10 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.01.18 21:29:28 | 001,209,392 | ---- | M] () -- C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid\Hoolapp.exe
MOD - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.01.16 18:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.06.14 19:31:47 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012.06.14 19:31:46 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 19:31:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 19:31:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.10 14:53:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.06.09 19:39:03 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.06.09 19:38:35 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.06.09 19:38:34 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.06.09 19:38:34 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.06.09 19:38:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.09 19:38:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.09 19:38:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.09 19:38:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.10.13 02:19:23 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.05.20 19:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011.05.17 03:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011.05.12 00:01:40 | 001,264,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011.05.07 02:53:38 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011.04.08 03:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011.02.24 20:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011.02.09 19:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011.01.08 02:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011.01.06 20:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.05 03:58:52 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.08.23 04:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010.08.07 04:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.07 04:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.22 01:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.22 01:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.12.10 11:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Sitecom\Common\RaWLAPI.dll
MOD - [2009.08.13 06:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2005.10.25 02:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Easy Update\AsMultiLang.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2007.04.25 13:19:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbvcoms.exe -- (lxbv_device)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.06.12 16:23:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.13 10:36:54 | 000,922,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.10.21 11:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009.12.15 22:49:12 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.12.15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbvcoms.exe -- (lxbv_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.23 11:23:49 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.07.23 11:23:49 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.07.23 11:23:49 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 02:26:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.13 02:26:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.14 11:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.09.14 11:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.14 01:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.19 05:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011.03.24 01:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010.12.28 19:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.02 04:08:44 | 001,865,088 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxpCap64.sys -- (NxpCap64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 00:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.07.02 12:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.01.14 14:27:46 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.01.14 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010.01.14 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010.01.14 14:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010.01.14 14:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.04 23:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=44f4e894000000000000000cf6ba4814
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tim Weber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012.06.03 11:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files (x86)\Flock\components [2013.05.11 19:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2013.05.11 19:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.17 22:10:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsing@msingsoftware.net: C:\Program Files (x86)\LyricSing\FF\ [2013.03.03 17:59:32 | 000,000,000 | ---D | M]
 
[2013.02.17 22:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: Search
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh\1.111_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh\1.111_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Lyrics Sing) - {C16A630A-DE50-4432-8D5B-5A7D92727D4C} - C:\Program Files (x86)\LyricSing\lrsing.dll File not found
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Hoolapp Android] C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid\Hoolapp.exe ()
O4 - HKCU..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Qiunavfa] "C:\Users\Tim Weber\AppData\Roaming\Ryhi\obodm.exe" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{886D054C-C2B5-475B-B72B-2D6FCE3763EB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2410ADE-4B9D-4B46-9D5B-C28F5E54565B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECD435CD-AA6A-4DF1-ABB0-1957B3F9E642}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F778E7EB-92A0-4202-B12D-BBE9C436D596}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ee747412-ac28-11e1-994c-5404a6b890f8}\Shell - "" = AutoRun
O33 - MountPoints2\{ee747412-ac28-11e1-994c-5404a6b890f8}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.29 15:55:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim Weber\Desktop\OTL.exe
[2013.07.27 12:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.26 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
[2013.07.26 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\{0540E39E-83E9-4D42-8888-648F27BB27BC}
[2013.07.26 16:33:53 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\{2ABDDAF0-90FD-4000-8361-38D912B7FD20}
[2013.07.26 16:30:25 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\{0EB0E8EB-1E2B-433C-A8E4-7647D66F1F08}
[2013.07.23 11:23:39 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.07.23 11:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.07.23 11:23:38 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.23 11:23:35 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.07.23 11:23:34 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.07.23 11:23:32 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.23 11:23:23 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.07.23 11:23:22 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.07.23 11:23:06 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.07.23 11:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.23 11:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.07.15 22:39:07 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\{FFEA71D3-63BA-4C6D-9303-075BF802247A}
[2013.07.02 19:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.07.02 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.07.01 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer
[2013.07.01 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\Craften_Dev_Team
[2013.07.01 21:33:44 | 000,000,000 | ---D | C] -- C:\Users\Tim Weber\AppData\Local\Programs
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.29 16:00:35 | 000,377,856 | ---- | M] () -- C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
[2013.07.29 15:57:03 | 000,000,000 | ---- | M] () -- C:\Users\Tim Weber\defogger_reenable
[2013.07.29 15:55:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim Weber\Desktop\OTL.exe
[2013.07.29 15:55:14 | 000,050,477 | ---- | M] () -- C:\Users\Tim Weber\Desktop\Defogger.exe
[2013.07.29 15:43:59 | 001,529,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.29 15:43:59 | 000,665,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.29 15:43:59 | 000,627,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.29 15:43:59 | 000,133,552 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.29 15:43:59 | 000,109,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.29 15:22:21 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.29 15:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.29 15:09:52 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.29 15:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.27 22:16:06 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 22:16:06 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 22:11:48 | 000,001,922 | ---- | M] () -- C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk
[2013.07.27 18:14:57 | 2133,569,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.27 12:23:35 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.23 11:23:49 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.23 11:23:49 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.23 11:23:49 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.23 11:23:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.23 11:23:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.23 11:23:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.23 11:23:39 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.23 11:23:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.07.22 10:07:17 | 000,246,389 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
[2013.07.22 10:07:16 | 000,246,389 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
[2013.07.22 10:07:16 | 000,246,389 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
[2013.07.22 10:07:16 | 000,000,000 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
[2013.07.22 10:07:15 | 000,246,389 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
[2013.07.22 10:07:14 | 000,246,389 | ---- | M] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
[2013.07.03 19:26:02 | 000,000,000 | ---- | M] () -- C:\END
[2013.07.03 17:13:21 | 000,484,992 | ---- | M] () -- C:\Users\Tim Weber\Desktop\Minecraft(1).exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.29 16:00:35 | 000,377,856 | ---- | C] () -- C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
[2013.07.29 15:57:03 | 000,000,000 | ---- | C] () -- C:\Users\Tim Weber\defogger_reenable
[2013.07.29 15:55:14 | 000,050,477 | ---- | C] () -- C:\Users\Tim Weber\Desktop\Defogger.exe
[2013.07.27 12:23:35 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.23 11:23:49 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.23 11:23:49 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.23 11:23:49 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.23 11:23:39 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.23 11:23:29 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.23 11:23:27 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.07.23 11:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.07.22 10:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
[2013.07.22 10:07:15 | 000,246,389 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
[2013.07.22 10:07:14 | 000,246,389 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
[2013.07.22 10:07:14 | 000,246,389 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
[2013.07.22 10:07:13 | 000,246,389 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
[2013.07.22 10:07:10 | 000,246,389 | ---- | C] () -- C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
[2013.07.03 17:14:46 | 000,484,992 | ---- | C] () -- C:\Users\Tim Weber\Desktop\Minecraft(1).exe
[2013.05.27 19:35:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.10.09 17:43:16 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvserv.dll
[2012.10.09 17:43:16 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvusb1.dll
[2012.10.09 17:43:16 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvhbn3.dll
[2012.10.09 17:43:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvcomc.dll
[2012.10.09 17:43:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvpmui.dll
[2012.10.09 17:43:16 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvlmpm.dll
[2012.10.09 17:43:16 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvcoms.exe
[2012.10.09 17:43:16 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvcomm.dll
[2012.10.09 17:43:16 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbvutil.dll
[2012.10.09 17:43:16 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvinpa.dll
[2012.10.09 17:43:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbviesc.dll
[2012.10.09 17:43:16 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvih.exe
[2012.10.09 17:43:16 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvcfg.exe
[2012.10.09 17:43:16 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBVinst.dll
[2012.10.09 17:43:16 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvppls.exe
[2012.10.09 17:43:16 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvprox.dll
[2012.10.09 17:43:16 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbvpplc.dll
[2012.08.06 18:55:54 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.07.14 13:01:43 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011.10.13 02:49:36 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.10.13 02:48:45 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.10.13 02:48:39 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011.10.13 02:48:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.10.13 02:48:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.10.13 02:37:39 | 000,006,884 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.10.13 02:37:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.13 02:37:32 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011.10.13 02:37:32 | 000,004,317 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\L
[2013.07.29 16:06:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\U
[2013.07.02 18:57:39 | 000,000,912 | ---- | M] () -- C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\U\00000001.@
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\L
[2013.07.23 12:50:25 | 000,000,000 | -HSD | M] -- C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.28 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\.minecraft
[2013.02.17 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\1S1C1F2W1B1P1C1N1T1H1P1BtF1Q1P
[2012.07.24 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Asocm
[2012.06.02 06:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\ASUS WebStorage
[2013.02.17 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Babylon
[2013.02.17 22:08:44 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\DealPly
[2013.02.17 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Delta
[2013.02.17 22:08:19 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid
[2013.05.11 19:47:50 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Maxthon3
[2013.07.01 21:34:15 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer
[2012.11.05 17:36:39 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\MTE
[2012.10.22 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Niryd
[2012.09.28 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\OpenOffice.org
[2012.06.10 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Opera
[2013.06.06 06:48:33 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Origin
[2012.09.28 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Premaider
[2012.10.22 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Rikuzo
[2012.07.24 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Ryhi
[2013.07.23 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Temimy
[2013.07.28 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\TS3Client
[2012.09.11 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Unity
[2013.07.09 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\Uxcu
[2013.07.26 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
--- --- ---

30.07.2013, 07:15   #5
schrauber
/// the machine
/// TB instructor
 


Run TDSSKiller again, select Cure next to the Services.exe entry and continue.
Post the log file in code tags.

Then:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

30.07.2013, 08:46   #6
Tim Weber
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Tim Weber (administrator) on 30-07-2013 09:40:05
Running from C:\Users\Tim Weber\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Windows\system32\dmwu.exe
( ) C:\Windows\system32\lxbvcoms.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid\Hoolapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Smartbar) C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Sitecom Europe BV.) C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\WscStatusController.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17425072 2012-06-07] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Hoolapp Android] - C:\Users\TIMWEB~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe [1209392 2013-01-18] ()
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3456080 2013-06-06] (Electronic Arts)
HKCU\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-06-16] (Smartbar)
HKCU\...\Run: [Qiunavfa] - "C:\Users\Tim Weber\AppData\Roaming\Ryhi\obodm.exe" [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {ee747412-ac28-11e1-994c-5404a6b890f8} - G:\Startme.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2009-12-31] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe [737104 2011-07-05] (ecareme)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll  [2212304 2013-01-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
ShortcutTarget: Sitecom Wireless Utility.lnk -> C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe (Sitecom Europe BV.)
Startup: C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=hp&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=44f4e894000000000000000cf6ba4814
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=44f4e894000000000000000cf6ba4814
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Lyrics Sing - {C16A630A-DE50-4432-8D5B-5A7D92727D4C} - C:\Program Files (x86)\LyricSing\lrsing.dll No File
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)

Chrome: 
=======
CHR Extension: (Lyrics Sing) - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh\1.111_0
CHR Extension: (Delta Toolbar) - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0
CHR Extension: (DealPly) - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0
CHR Extension: (Wajam) - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (Yontoo) - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0
CHR Extension: () - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0
CHR Extension: () - C:\Users\TIMWEB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR HKLM-x32\...\Chrome\Extension: [empccjjjdnnmgajlbddhbdejjjjhijeh] - C:\Program Files (x86)\LyricSing\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Tim Weber\AppData\Roaming\Delta\delta.crx
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1447728 2013-05-21] ()
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-09] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-03-24] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-23] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-23] ()
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1865088 2010-12-02] (NXP Semiconductors Germany GmbH)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 GPU-Z; \??\C:\Users\TIMWEB~1\AppData\Local\Temp\GPU-Z.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 09:40 - 2013-07-30 09:40 - 00000000 ____D C:\FRST
2013-07-30 09:20 - 2013-07-30 09:24 - 01781589 _____ (Farbar) C:\Users\Tim Weber\Desktop\FRST64.exe
2013-07-30 09:12 - 2013-07-30 09:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-29 21:53 - 2013-07-29 21:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tim Weber\Desktop\tdsskiller.exe
2013-07-29 17:16 - 2013-07-29 17:16 - 943370334 _____ C:\Windows\MEMORY.DMP
2013-07-29 17:16 - 2013-07-29 17:16 - 00473280 _____ C:\Windows\Minidump\072913-23930-01.dmp
2013-07-29 17:16 - 2013-07-29 17:16 - 00000000 ____D C:\Windows\Minidump
2013-07-29 17:03 - 2013-07-29 17:03 - 00739586 _____ C:\Users\Tim Weber\Desktop\gmer.log
2013-07-29 16:10 - 2013-07-29 16:10 - 00047808 _____ C:\Users\Tim Weber\Desktop\Extras.Txt
2013-07-29 16:09 - 2013-07-29 16:09 - 00137584 _____ C:\Users\Tim Weber\Desktop\OTL.Txt
2013-07-29 16:00 - 2013-07-29 16:00 - 00377856 _____ C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
2013-07-29 15:57 - 2013-07-29 15:57 - 00000480 _____ C:\Users\Tim Weber\Desktop\defogger_disable.log
2013-07-29 15:57 - 2013-07-29 15:57 - 00000000 _____ C:\Users\Tim Weber\defogger_reenable
2013-07-29 15:55 - 2013-07-29 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Tim Weber\Desktop\OTL.exe
2013-07-29 15:55 - 2013-07-29 15:55 - 00050477 _____ C:\Users\Tim Weber\Desktop\Defogger.exe
2013-07-27 12:23 - 2013-07-27 12:23 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 17:06 - 2013-07-26 17:06 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
2013-07-26 16:54 - 2013-07-26 16:55 - 05099868 _____ (XMedia Recode                                               ) C:\Users\Tim Weber\Downloads\XMediaRecode3148_setup.exe
2013-07-26 16:34 - 2013-07-26 16:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{0540E39E-83E9-4D42-8888-648F27BB27BC}
2013-07-26 16:33 - 2013-07-26 16:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{2ABDDAF0-90FD-4000-8361-38D912B7FD20}
2013-07-26 16:30 - 2013-07-26 16:30 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{0EB0E8EB-1E2B-433C-A8E4-7647D66F1F08}
2013-07-23 11:23 - 2013-07-23 11:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 11:23 - 2013-07-23 11:23 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-23 11:23 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-23 11:23 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-23 11:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-23 11:00 - 2013-07-23 11:12 - 117478104 _____ C:\Users\Tim Weber\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
2013-07-15 22:39 - 2013-07-15 22:39 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{FFEA71D3-63BA-4C6D-9303-075BF802247A}
2013-07-03 17:14 - 2013-07-03 17:13 - 00484992 _____ C:\Users\Tim Weber\Desktop\Minecraft(1).exe
2013-07-02 19:05 - 2013-07-02 19:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\Craften_Dev_Team
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer

==================== One Month Modified Files and Folders =======

2013-07-30 09:39 - 2012-09-21 18:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-30 09:39 - 2012-06-17 12:47 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Skype
2013-07-30 09:38 - 2013-05-25 18:04 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 09:38 - 2012-06-02 23:42 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\LogMeIn Hamachi
2013-07-30 09:37 - 2012-09-06 18:43 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 09:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 09:37 - 2009-07-14 06:51 - 00088387 _____ C:\Windows\setupact.log
2013-07-30 09:36 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 09:36 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 09:32 - 2012-06-01 22:26 - 01742248 _____ C:\Windows\WindowsUpdate.log
2013-07-30 09:24 - 2013-07-30 09:20 - 01781589 _____ (Farbar) C:\Users\Tim Weber\Desktop\FRST64.exe
2013-07-30 09:21 - 2012-09-06 18:43 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 09:16 - 2012-06-10 18:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 09:15 - 2009-07-14 01:19 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-07-30 09:12 - 2013-07-30 09:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-30 00:40 - 2012-12-20 21:50 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\.minecraft
2013-07-30 00:40 - 2012-06-20 18:51 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\TS3Client
2013-07-29 21:53 - 2013-07-29 21:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tim Weber\Desktop\tdsskiller.exe
2013-07-29 21:08 - 2013-02-17 22:08 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-29 17:16 - 2013-07-29 17:16 - 943370334 _____ C:\Windows\MEMORY.DMP
2013-07-29 17:16 - 2013-07-29 17:16 - 00473280 _____ C:\Windows\Minidump\072913-23930-01.dmp
2013-07-29 17:16 - 2013-07-29 17:16 - 00000000 ____D C:\Windows\Minidump
2013-07-29 17:03 - 2013-07-29 17:03 - 00739586 _____ C:\Users\Tim Weber\Desktop\gmer.log
2013-07-29 16:10 - 2013-07-29 16:10 - 00047808 _____ C:\Users\Tim Weber\Desktop\Extras.Txt
2013-07-29 16:09 - 2013-07-29 16:09 - 00137584 _____ C:\Users\Tim Weber\Desktop\OTL.Txt
2013-07-29 16:00 - 2013-07-29 16:00 - 00377856 _____ C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
2013-07-29 15:57 - 2013-07-29 15:57 - 00000480 _____ C:\Users\Tim Weber\Desktop\defogger_disable.log
2013-07-29 15:57 - 2013-07-29 15:57 - 00000000 _____ C:\Users\Tim Weber\defogger_reenable
2013-07-29 15:57 - 2012-06-01 22:27 - 00000000 ____D C:\Users\Tim Weber
2013-07-29 15:55 - 2013-07-29 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Tim Weber\Desktop\OTL.exe
2013-07-29 15:55 - 2013-07-29 15:55 - 00050477 _____ C:\Users\Tim Weber\Desktop\Defogger.exe
2013-07-29 15:55 - 2012-08-21 20:42 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFCC396F-5B23-4263-A720-8D4804449E98}
2013-07-29 15:43 - 2011-03-15 23:23 - 00665340 _____ C:\Windows\system32\perfh007.dat
2013-07-29 15:43 - 2011-03-15 23:23 - 00133552 _____ C:\Windows\system32\perfc007.dat
2013-07-29 15:43 - 2009-07-14 07:13 - 01529092 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 18:12 - 2013-03-03 17:59 - 00000000 ____D C:\Program Files (x86)\LyricSing
2013-07-27 12:23 - 2013-07-27 12:23 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-27 12:23 - 2012-09-06 18:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 17:06 - 2013-07-26 17:06 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
2013-07-26 16:55 - 2013-07-26 16:54 - 05099868 _____ (XMedia Recode                                               ) C:\Users\Tim Weber\Downloads\XMediaRecode3148_setup.exe
2013-07-26 16:34 - 2013-07-26 16:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{0540E39E-83E9-4D42-8888-648F27BB27BC}
2013-07-26 16:34 - 2013-07-26 16:33 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{2ABDDAF0-90FD-4000-8361-38D912B7FD20}
2013-07-26 16:30 - 2013-07-26 16:30 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{0EB0E8EB-1E2B-433C-A8E4-7647D66F1F08}
2013-07-23 12:54 - 2012-10-22 16:52 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Temimy
2013-07-23 11:35 - 2013-07-23 11:23 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 11:25 - 2012-06-17 13:22 - 00000000 ____D C:\Users\Tim Weber\Downloads\Minecraft
2013-07-23 11:23 - 2013-07-23 11:23 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-23 11:12 - 2013-07-23 11:00 - 117478104 _____ C:\Users\Tim Weber\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-23 11:06 - 2012-11-05 17:35 - 00000000 ____D C:\Program Files (x86)\Minecraft Texturepack Editor
2013-07-23 11:05 - 2012-08-17 23:56 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
2013-07-15 22:39 - 2013-07-15 22:39 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\{FFEA71D3-63BA-4C6D-9303-075BF802247A}
2013-07-15 15:07 - 2013-05-26 08:33 - 00000000 ____D C:\Users\Tim Weber\Documents\FIFA 13
2013-07-15 09:00 - 2010-11-21 05:47 - 00271480 _____ C:\Windows\PFRO.log
2013-07-13 13:16 - 2012-09-06 18:43 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 13:16 - 2012-09-06 18:43 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-09 19:13 - 2012-07-24 12:53 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Uxcu
2013-07-03 19:26 - 2013-03-07 20:24 - 00000000 _____ C:\END
2013-07-03 17:13 - 2013-07-03 17:14 - 00484992 _____ C:\Users\Tim Weber\Desktop\Minecraft(1).exe
2013-07-02 19:05 - 2013-07-02 19:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\Craften_Dev_Team
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer

ZeroAccess:
C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}

ZeroAccess:
C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 16:39

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Tim Weber at 2013-07-30 09:40:43
Running from C:\Users\Tim Weber\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 1.2.0)
Adobe Acrobat 4.0 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.4) MUI (x32 Version: 10.1.4)
AI Manager (x32 Version: 1.09.06)
AI Suite II (x32 Version: 1.01.40)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Arctic Combat (x32)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.2.2.000)
ASUS Backup Wizard (x32 Version: 1.00.11)
ASUS Easy Update (x32 Version: 2.00.21)
ASUS WebStorage (x32 Version: 3.0.104.216)
AsusVibe2.0 (x32 Version: 2.0.4.628)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bing Bar (x32 Version: 7.1.391.0)
BloatFish (x32 Version: 1.0.0.0)
BloatFish Packages (HKCU)
Bonjour (Version: 3.0.0.10)
BrowserProtect (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (HKCU)
DealPly (x32 Version: )
Delta Chrome Toolbar (x32 Version: 1.0.0.0)
Delta toolbar   (x32 Version: 1.8.10.0)
DomaIQ Uninstaller (x32)
Driver San Francisco (x32 Version: 1.4.0.0)
EA SPORTS online 2007 (x32)
F1 2012 (x32)
FIFA 13 (x32 Version: 1.8.0.0)
Flock (2.5.6) (x32 Version: 2.5.6 (en-US))
Fraps (remove only) (x32)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Hoolapp For Android (HKCU)
HP Officejet 6600 - Grundlegende Software für das Gerät (Version: 25.0.619.0)
HP Officejet 6600 Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.003.000.004)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
IB Updater Service (x32 Version: 3.0.5.4)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Internet Explorer Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0002)
iTunes (Version: 11.0.1.12)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Lyrics Sing (x32)
mark 2200 Series
Maxthon Cloud Browser (x32 Version: 4.0.6.2000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MindManager Smart (x32 Version: 2.1.3)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
Need for Speed™ Most Wanted (x32 Version: 1.0.0.0)
NVIDIA 3D Vision Controller-Treiber 320.18 (Version: 320.18)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.15 (x32 Version: 12.15.1748)
Origin (x32 Version: 9.0.10.69)
Pando Media Booster (x32 Version: 2.6.0.8)
PlanetSide 2 (x32)
QuickShare (x32 Version: 1.38.61.10911)
Rapture3D 2.4.9 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek Ethernet Diagnostic Utility (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Sitecom Europe BV Wireless LAN (x32 Version: 1.5.6.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.114)
Steam (x32 Version: 1.0.0.0)
Studie zur Verbesserung von HP Officejet 6600 Produkten (Version: 25.0.619.0)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
Sweetpacks Bundle Uninstaller (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
TechPowerUp GPU-Z (x32)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1.1109)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
Yontoo 1.12.02 (Version: 1.12.02)

==================== Restore Points  =========================

25-07-2013 11:33:50 Geplanter Prüfpunkt
28-07-2013 17:00:19 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {130B05CB-2CFD-4F81-B0B0-DD02F3952813} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {2415B89A-BADE-42AE-9473-F7E1B960D386} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {2F334437-5A96-400C-8EA2-13C51658B2EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: {3CAD0F4B-4D52-4EAC-917A-8F43D1A26A89} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {40D7FE59-18C4-4B22-8EEE-C30E9CE2B0FD} - System32\Tasks\User_Feed_Synchronization-{FFCC396F-5B23-4263-A720-8D4804449E98} => C:\Windows\system32\msfeedssync.exe [2011-10-13] (Microsoft Corporation)
Task: {4B31B1E4-7E38-4992-962C-693F58C406EB} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {4D631910-7412-404C-99B0-52F8CE100D46} - System32\Tasks\DealPly => C:\Users\TIMWEB~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-03-10] ()
Task: {551918F1-D38D-4CC3-8471-0BE0EC2CE06B} - System32\Tasks\Software Updater => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Bootstrapper.exe No File
Task: {5BD6BB80-ADA2-4915-99B5-36F85665EBCD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {62731120-31FB-4393-8F18-08748B834071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: {688F57C3-CF32-438F-A584-EA76A8AF7605} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {699515AF-1D33-4468-826F-A17CB56FAAE1} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2013-01-16] (DealPly)
Task: {71F8B670-434C-4015-8EB4-CFC590BD44E8} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-24] (ASUSTeK Computer Inc.)
Task: {84C3BB53-D3CD-4609-A830-C9E5B4B1E049} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {93047097-8499-4088-95BB-D7B39C889D80} - System32\Tasks\Hoolapp Init => C:\Users\TIMWEB~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe [2013-01-18] ()
Task: {9FD9AEE9-5222-42C1-AF95-A526051F94AF} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Ui.exe No File
Task: {C4D0FD41-826D-48AA-A5B5-4184B6D8C8CC} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-27] (ASUSTeK Computer Inc.)
Task: {F3AC7492-65F7-4A79-A8BE-078E74B89534} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-05-06] (Maxthon International ltd.)
Task: {F628EFD8-FFEA-4F7E-BE7C-753E664058E2} - System32\Tasks\Hoolapp For Android => C:\Users\TIMWEB~1\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE [2013-01-18] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 09:37:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:30:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:16:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:16:14 AM) (Source: atkexComSvc.exe) (User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (07/29/2013 05:19:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 04:17:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/30/2013 09:41:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Security Center" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (07/30/2013 09:41:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Security Center" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (07/30/2013 09:39:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Security Center" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (07/30/2013 09:39:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (07/30/2013 09:39:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (07/30/2013 09:39:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (07/30/2013 09:39:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (07/30/2013 09:38:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Security Center" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (07/30/2013 09:38:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (07/30/2013 09:38:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (07/30/2013 09:37:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:30:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:16:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 09:16:14 AM) (Source: atkexComSvc.exe)(User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (07/29/2013 05:19:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 04:17:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8174.31 MB
Available physical RAM: 6141.44 MB
Total Pagefile: 16346.81 MB
Available Pagefile: 14243.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:344.42 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:205.88 GB) NTFS (Disk=0 Partition=3)
Drive f: () (Removable) (Total:15.02 GB) (Free:9.67 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 12AFB731)
Partition 1: (Not Active) - (Size=14 GB) - (Type=1B)
Partition 2: (Active) - (Size=745 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-1014013886464) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         




Should I also post the gmer.txt? Thanks for the continued help.


Best regards, Tim Weber

Alt 30.07.2013, 09:14   #7
schrauber
/// the machine
/// TB-Ausbilder
 




Nope, I don't need it.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-06-16] (Smartbar)
HKCU\...\Run: [Qiunavfa] - "C:\Users\Tim Weber\AppData\Roaming\Ryhi\obodm.exe" [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}\n. ATTENTION! ====> ZeroAccess?
C:\Users\Tim Weber\AppData\Local\Smartbar
C:\Users\Tim Weber\AppData\Roaming\Ryhi
ZeroAccess:
C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}

ZeroAccess:
C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a}
         


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 30.07.2013, 10:35   #8
Tim Weber
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Tim Weber at 2013-07-30 10:59:11 Run:1
Running from C:\Users\Tim Weber\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Qiunavfa => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.

"C:\Users\Tim Weber\AppData\Local\Smartbar" directory move:

C:\Users\Tim Weber\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.952\user.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.924\user.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.827\user.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.696\user.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.38.61.10911\user.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Profiles\13131313-1313-1313-1313-131313131313.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Configs\IconsSettings.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Configs\LocalMethods.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Configs\ProfileManager.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Configs\PublisherSettings.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.UninstallProductsPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\00659FA4-2CAD-45fc-A8A0-DB7862840BA9.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\00659FA4-2CAD-45fc-A8A0-DB7862840BA9hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\00659FA4-2CAD-45fc-A8A0-DB7862840BA9press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\07a9a58b-c653-4285-a870-1fa70cb6c00c.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\07a9a58b-c653-4285-a870-1fa70cb6c00c.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\07a9a58b-c653-4285-a870-1fa70cb6c00chover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\07a9a58b-c653-4285-a870-1fa70cb6c00cpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0A2DE7DB-ADE9-44FC-BC66-CF5604F9BF7A.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0A2DE7DB-ADE9-44FC-BC66-CF5604F9BF7Ahover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0A2DE7DB-ADE9-44FC-BC66-CF5604F9BF7Apress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0DB19630-EB33-4B18-8357-78FC2687C788.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0DB19630-EB33-4B18-8357-78FC2687C788hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0DB19630-EB33-4B18-8357-78FC2687C788press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0E29BC94-7C9B-4A23-B682-81D0D1A806E1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0E29BC94-7C9B-4A23-B682-81D0D1A806E1hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0E29BC94-7C9B-4A23-B682-81D0D1A806E1press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0FA6F971-16AA-4921-A39F-543C9839CABE.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0FA6F971-16AA-4921-A39F-543C9839CABEhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\0FA6F971-16AA-4921-A39F-543C9839CABEpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\101FF2F5-9F51-405F-ACBB-D4A5F3601679.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\101FF2F5-9F51-405F-ACBB-D4A5F3601679hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\101FF2F5-9F51-405F-ACBB-D4A5F3601679press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE081313.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE081313hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE081313press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE08E613.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE08E613hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE08E613press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE131313.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE131313hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\139D15A7-C5E1-4C5E-ABF2-484DBE131313press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A039A19-BD34-4760-8DE0-E9A8E8AA8827.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A039A19-BD34-4760-8DE0-E9A8E8AA8827hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A039A19-BD34-4760-8DE0-E9A8E8AA8827press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A19CD12-F9A2-44A6-8F44-F3A95E0081A0.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A19CD12-F9A2-44A6-8F44-F3A95E0081A0hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1A19CD12-F9A2-44A6-8F44-F3A95E0081A0press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1FFDDB6E-8EB3-4CE0-9C2B-44910A3C5975.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1FFDDB6E-8EB3-4CE0-9C2B-44910A3C5975hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\1FFDDB6E-8EB3-4CE0-9C2B-44910A3C5975press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2141A104-423C-43EF-A27A-CA0DADB7B9BC.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2141A104-423C-43EF-A27A-CA0DADB7B9BChover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2141A104-423C-43EF-A27A-CA0DADB7B9BCpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\225323D0-97BB-46E4-85E1-15EA27174BF4.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\225323D0-97BB-46E4-85E1-15EA27174BF4hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\225323D0-97BB-46E4-85E1-15EA27174BF4press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\23E3FEB8-E6FF-4475-811A-805773D02D08.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\23E3FEB8-E6FF-4475-811A-805773D02D08hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\23E3FEB8-E6FF-4475-811A-805773D02D08press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\26E2804B-65B5-47E1-A457-DAA75A2B1370.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\26E2804B-65B5-47E1-A457-DAA75A2B1370hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\26E2804B-65B5-47E1-A457-DAA75A2B1370press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\28E2C7BC-F857-44D5-A42F-7DD66FAB5EE6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\28E2C7BC-F857-44D5-A42F-7DD66FAB5EE6hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\28E2C7BC-F857-44D5-A42F-7DD66FAB5EE6press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2C37338C-837B-4846-B50B-E32D70C6A0F5.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2C37338C-837B-4846-B50B-E32D70C6A0F5hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\2C37338C-837B-4846-B50B-E32D70C6A0F5press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30657846-199A-4D0D-984D-BE588084F1F6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30657846-199A-4D0D-984D-BE588084F1F6hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30657846-199A-4D0D-984D-BE588084F1F6press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DEBC8A-1CC6-4480-B3E5-C55E214043A8.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DEBC8A-1CC6-4480-B3E5-C55E214043A8Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DEBC8A-1CC6-4480-B3E5-C55E214043A8Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DFF8F0-BA79-4360-A3EA-51B6D006133C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DFF8F0-BA79-4360-A3EA-51B6D006133CHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\30DFF8F0-BA79-4360-A3EA-51B6D006133CPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\328F7722-52E8-46A6-9197-B2F27C5142C7.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\328F7722-52E8-46A6-9197-B2F27C5142C7hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\328F7722-52E8-46A6-9197-B2F27C5142C7press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\372FF78B-6E4B-4B38-8E3F-797B4680FB98.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\372FF78B-6E4B-4B38-8E3F-797B4680FB98hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\372FF78B-6E4B-4B38-8E3F-797B4680FB98press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39028511-3F15-4442-9188-DDC86BE1BBD0.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39028511-3F15-4442-9188-DDC86BE1BBD0hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39028511-3F15-4442-9188-DDC86BE1BBD0press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39079B96-6DD1-42DE-89E6-76F79C8BB4E4.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39079B96-6DD1-42DE-89E6-76F79C8BB4E4Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\39079B96-6DD1-42DE-89E6-76F79C8BB4E4Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3C610B86-19DE-4757-B46A-871C9C27FF0A.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3C610B86-19DE-4757-B46A-871C9C27FF0AHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3C610B86-19DE-4757-B46A-871C9C27FF0APress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3f9ac55c-6db5-4c01-9d34-a92da2347be6.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3f9ac55c-6db5-4c01-9d34-a92da2347be6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3f9ac55c-6db5-4c01-9d34-a92da2347be6hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\3f9ac55c-6db5-4c01-9d34-a92da2347be6press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\412D5531-A3E1-40BB-B0C3-71E3C45A4E13.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\412D5531-A3E1-40BB-B0C3-71E3C45A4E13hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\412D5531-A3E1-40BB-B0C3-71E3C45A4E13press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\47BFF758-9581-4C68-9293-1181A70CDEE8.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\47BFF758-9581-4C68-9293-1181A70CDEE8Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\47BFF758-9581-4C68-9293-1181A70CDEE8Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\48A9C19C-5A4C-4652-A6E7-1C17AEE45675.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\48A9C19C-5A4C-4652-A6E7-1C17AEE45675Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\48A9C19C-5A4C-4652-A6E7-1C17AEE45675Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\4a110a71-0e7e-4552-af6e-3ef88b2d6511.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\4a110a71-0e7e-4552-af6e-3ef88b2d6511.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\4a110a71-0e7e-4552-af6e-3ef88b2d6511Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\4a110a71-0e7e-4552-af6e-3ef88b2d6511Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\511B6809-2468-4A36-A6FC-FC24F05499BE.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\511B6809-2468-4A36-A6FC-FC24F05499BEHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\511B6809-2468-4A36-A6FC-FC24F05499BEPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5252af60-ef03-41a8-babe-415dba235478.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5252af60-ef03-41a8-babe-415dba235478.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5252af60-ef03-41a8-babe-415dba235478Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5252af60-ef03-41a8-babe-415dba235478Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\536b9063-fc09-4e82-8769-73c77317aae6.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\536b9063-fc09-4e82-8769-73c77317aae6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\536b9063-fc09-4e82-8769-73c77317aae6hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\536b9063-fc09-4e82-8769-73c77317aae6press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5558C4C6-18C1-4AF3-8F8D-0E2CF70D19C8.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5558C4C6-18C1-4AF3-8F8D-0E2CF70D19C8hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5558C4C6-18C1-4AF3-8F8D-0E2CF70D19C8press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56591C8E-DA35-4A97-AC9B-5055E0F7089E.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56591C8E-DA35-4A97-AC9B-5055E0F7089Ehover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56591C8E-DA35-4A97-AC9B-5055E0F7089Epress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56B19DA1-B4C5-4FCF-87D0-44E8B2C1002A.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56B19DA1-B4C5-4FCF-87D0-44E8B2C1002Ahover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\56B19DA1-B4C5-4FCF-87D0-44E8B2C1002Apress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5D0A6D97-85F2-47E9-8F04-04A747B25A0E.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5D0A6D97-85F2-47E9-8F04-04A747B25A0Ehover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5D0A6D97-85F2-47E9-8F04-04A747B25A0Epress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F1B269B-7C66-474F-A473-BE7FA51BE5B2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F1B269B-7C66-474F-A473-BE7FA51BE5B2hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F1B269B-7C66-474F-A473-BE7FA51BE5B2press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F488FA5-C35B-44A9-A0E4-2C7B41035780.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F488FA5-C35B-44A9-A0E4-2C7B41035780hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\5F488FA5-C35B-44A9-A0E4-2C7B41035780press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\65B1A402-FC79-410D-AE1C-AF92E206AC1D.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\65B1A402-FC79-410D-AE1C-AF92E206AC1Dhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\65B1A402-FC79-410D-AE1C-AF92E206AC1Dpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\69C7DFE3-CDAE-4A22-B753-93ABF8BAE7EC.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\69C7DFE3-CDAE-4A22-B753-93ABF8BAE7EChover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\69C7DFE3-CDAE-4A22-B753-93ABF8BAE7ECpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\708d8b1e-6545-474a-9f07-d854acf8ad43.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\708d8b1e-6545-474a-9f07-d854acf8ad43.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\708d8b1e-6545-474a-9f07-d854acf8ad43hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\708d8b1e-6545-474a-9f07-d854acf8ad43press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\72CDFC8C-6F2D-4df8-9811-18C4D682C406.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\72CDFC8C-6F2D-4df8-9811-18C4D682C406hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\72CDFC8C-6F2D-4df8-9811-18C4D682C406press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7CF3BACC-BF1C-4860-BB4E-F1A8440250FE.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7CF3BACC-BF1C-4860-BB4E-F1A8440250FEhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7CF3BACC-BF1C-4860-BB4E-F1A8440250FEpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7fe83ae9-caef-41f0-aa99-d114c0ce3941.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7fe83ae9-caef-41f0-aa99-d114c0ce3941.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7fe83ae9-caef-41f0-aa99-d114c0ce3941hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\7fe83ae9-caef-41f0-aa99-d114c0ce3941press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8217d395-9ebe-4ebb-807c-38cc911a307f.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8217d395-9ebe-4ebb-807c-38cc911a307f.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8217d395-9ebe-4ebb-807c-38cc911a307fHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8217d395-9ebe-4ebb-807c-38cc911a307fPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\83B4B6FE-910D-412E-BED4-E3AFA6E5CA61.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\83B4B6FE-910D-412E-BED4-E3AFA6E5CA61hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\83B4B6FE-910D-412E-BED4-E3AFA6E5CA61press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\85CF6427-8441-427A-859A-7A3C72288481.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\85CF6427-8441-427A-859A-7A3C72288481hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\85CF6427-8441-427A-859A-7A3C72288481press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\87442BEF-FD31-405C-A807-650CB7CC8886.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\87442BEF-FD31-405C-A807-650CB7CC8886hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\87442BEF-FD31-405C-A807-650CB7CC8886press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094c-4880-b87a-2af16fc31313.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094c-4880-b87a-2af16fc31313Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094c-4880-b87a-2af16fc31313Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094C-4880-B87A-2AF16FC33B2C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094C-4880-B87A-2AF16FC33B2Chover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\89582936-094C-4880-B87A-2AF16FC33B2Cpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8b3608b1-c2d5-4ad3-a382-33601228c6d3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8b3608b1-c2d5-4ad3-a382-33601228c6d3hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8b3608b1-c2d5-4ad3-a382-33601228c6d3press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8D338D8F-3189-41AB-BCFF-2958D48AAA6A.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8D338D8F-3189-41AB-BCFF-2958D48AAA6AHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8D338D8F-3189-41AB-BCFF-2958D48AAA6APress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8F4131CE-D4F0-4F08-9102-78C397F3748C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8F4131CE-D4F0-4F08-9102-78C397F3748CHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\8F4131CE-D4F0-4F08-9102-78C397F3748CPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\90165d32-a3ef-438c-8625-be9b538b6eba.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\90165d32-a3ef-438c-8625-be9b538b6eba.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\90165d32-a3ef-438c-8625-be9b538b6ebaHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\90165d32-a3ef-438c-8625-be9b538b6ebaPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\925D8F0E-E5EA-45F9-A657-0C14B68C4A61.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\925D8F0E-E5EA-45F9-A657-0C14B68C4A61hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\925D8F0E-E5EA-45F9-A657-0C14B68C4A61press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\929407CC-7E48-47E0-A9F9-A4A167AC24D1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\929407CC-7E48-47E0-A9F9-A4A167AC24D1hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\iconsWide\929407CC-7E48-47E0-A9F9-A4A167AC24D1press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\83B4B6FE-910D-412E-BED4-E3AFA6E5CA61press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\85CF6427-8441-427A-859A-7A3C72288481.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\85CF6427-8441-427A-859A-7A3C72288481hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\85CF6427-8441-427A-859A-7A3C72288481press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\87442BEF-FD31-405C-A807-650CB7CC8886.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\87442BEF-FD31-405C-A807-650CB7CC8886hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\87442BEF-FD31-405C-A807-650CB7CC8886press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\89582936-094C-4880-B87A-2AF16FC33B2C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\89582936-094C-4880-B87A-2AF16FC33B2Chover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\89582936-094C-4880-B87A-2AF16FC33B2Cpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8b3608b1-c2d5-4ad3-a382-33601228c6d3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8b3608b1-c2d5-4ad3-a382-33601228c6d3hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8b3608b1-c2d5-4ad3-a382-33601228c6d3press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8F4131CE-D4F0-4F08-9102-78C397F3748C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8F4131CE-D4F0-4F08-9102-78C397F3748CHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\8F4131CE-D4F0-4F08-9102-78C397F3748CPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\90165d32-a3ef-438c-8625-be9b538b6eba.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\90165d32-a3ef-438c-8625-be9b538b6ebaHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\90165d32-a3ef-438c-8625-be9b538b6ebaPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\925D8F0E-E5EA-45F9-A657-0C14B68C4A61.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\925D8F0E-E5EA-45F9-A657-0C14B68C4A61hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\925D8F0E-E5EA-45F9-A657-0C14B68C4A61press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\929407CC-7E48-47E0-A9F9-A4A167AC24D1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\929407CC-7E48-47E0-A9F9-A4A167AC24D1hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\929407CC-7E48-47E0-A9F9-A4A167AC24D1press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\95ae73f0-9799-46fd-bceb-57efcb7f0537.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\95ae73f0-9799-46fd-bceb-57efcb7f0537hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\95ae73f0-9799-46fd-bceb-57efcb7f0537press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\99938D89-FF78-49C8-B92B-5AB4C8DFA2D1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\99938D89-FF78-49C8-B92B-5AB4C8DFA2D1hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\99938D89-FF78-49C8-B92B-5AB4C8DFA2D1press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1D51ECC-DBD7-4C7E-9A75-364B8E2F1D8C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1D51ECC-DBD7-4C7E-9A75-364B8E2F1D8Chover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1D51ECC-DBD7-4C7E-9A75-364B8E2F1D8Cpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1F75F5D-1D24-4F7A-9ABC-BDA55E332E67.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1F75F5D-1D24-4F7A-9ABC-BDA55E332E67hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A1F75F5D-1D24-4F7A-9ABC-BDA55E332E67press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A75C6A50-13B0-4704-AA87-8DD113E31310.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A75C6A50-13B0-4704-AA87-8DD113E31310hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A75C6A50-13B0-4704-AA87-8DD113E31310press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A89DA5A2-D390-47F4-84EF-6044EC8AC368.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A89DA5A2-D390-47F4-84EF-6044EC8AC368hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\A89DA5A2-D390-47F4-84EF-6044EC8AC368press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\a94e6710-6021-4cdc-82de-1c001238bd8f.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\a94e6710-6021-4cdc-82de-1c001238bd8fHover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\a94e6710-6021-4cdc-82de-1c001238bd8fPress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCB.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1FE90EC-CEDA-4467-86CE-6CD7F1D3D55F.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1FE90EC-CEDA-4467-86CE-6CD7F1D3D55Fhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B1FE90EC-CEDA-4467-86CE-6CD7F1D3D55Fpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B81443D4-15F7-4B97-9DC8-3645A012C817.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B81443D4-15F7-4B97-9DC8-3645A012C817hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\B81443D4-15F7-4B97-9DC8-3645A012C817press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bbf677d4-d0bc-4a59-be4a-6a6cfd3c6c28.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bbf677d4-d0bc-4a59-be4a-6a6cfd3c6c28hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bbf677d4-d0bc-4a59-be4a-6a6cfd3c6c28press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bc8dcde3-3fd0-4f9b-af5d-15c20f3239ab.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bc8dcde3-3fd0-4f9b-af5d-15c20f3239ab.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bc8dcde3-3fd0-4f9b-af5d-15c20f3239abhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\bc8dcde3-3fd0-4f9b-af5d-15c20f3239abpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\BCE4103A-6273-4E49-8B43-2BDEDA1C91B0.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\BCE4103A-6273-4E49-8B43-2BDEDA1C91B0hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\BCE4103A-6273-4E49-8B43-2BDEDA1C91B0press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C0AC006A-9C65-42F9-AE11-D675DCCC6840.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C0AC006A-9C65-42F9-AE11-D675DCCC6840hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C0AC006A-9C65-42F9-AE11-D675DCCC6840press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\c1546a00-e42d-4ce7-aac5-5353a895f3cf.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\c1546a00-e42d-4ce7-aac5-5353a895f3cfhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\c1546a00-e42d-4ce7-aac5-5353a895f3cfpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C438F0F0-525A-4942-8307-6B71E596367D.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C438F0F0-525A-4942-8307-6B71E596367Dhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C438F0F0-525A-4942-8307-6B71E596367Dpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C48E3725-71FB-4824-969A-C6D428C18A2B.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C48E3725-71FB-4824-969A-C6D428C18A2Bhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\C48E3725-71FB-4824-969A-C6D428C18A2Bpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCEE5A80-8C88-4BB1-89BF-4A7EFF93E452.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCEE5A80-8C88-4BB1-89BF-4A7EFF93E452hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCEE5A80-8C88-4BB1-89BF-4A7EFF93E452press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCF42F56-0405-4697-A513-AA01DEE5DF02.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCF42F56-0405-4697-A513-AA01DEE5DF02hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CCF42F56-0405-4697-A513-AA01DEE5DF02press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CE1500FE-6F59-421C-8005-3E137AC051A2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CE1500FE-6F59-421C-8005-3E137AC051A2hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CE1500FE-6F59-421C-8005-3E137AC051A2press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CFEFCFCB-4871-46CD-86F7-14C1F17A7FF6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CFEFCFCB-4871-46CD-86F7-14C1F17A7FF6hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\CFEFCFCB-4871-46CD-86F7-14C1F17A7FF6press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D13971C4-4DA8-4C4B-87F6-17E97BFE7448.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D13971C4-4DA8-4C4B-87F6-17E97BFE7448hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D13971C4-4DA8-4C4B-87F6-17E97BFE7448press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D2B0680C-17C4-492D-85D7-D4CA3E724D50.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D2B0680C-17C4-492D-85D7-D4CA3E724D50hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D2B0680C-17C4-492D-85D7-D4CA3E724D50press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D469E1BA-B745-45B3-B7EE-378E000E74C8.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D469E1BA-B745-45B3-B7EE-378E000E74C8Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D469E1BA-B745-45B3-B7EE-378E000E74C8Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D5113B95-781C-4737-A26F-3ED3A2CB876F.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D5113B95-781C-4737-A26F-3ED3A2CB876Fhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D5113B95-781C-4737-A26F-3ED3A2CB876Fpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35c1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35c1Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35c1Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35d0.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35d0Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\d65acfc2-6ab9-4b66-84fc-ecc7813e35d0Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D8043E67-EBD0-4ABD-A5A4-63CF4DADFC85.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D8043E67-EBD0-4ABD-A5A4-63CF4DADFC85hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\D8043E67-EBD0-4ABD-A5A4-63CF4DADFC85press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DBE2517B-67B8-4D8B-A7CC-B66F8FE52D82.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DBE2517B-67B8-4D8B-A7CC-B66F8FE52D82hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DBE2517B-67B8-4D8B-A7CC-B66F8FE52D82press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DCF8B81C-11B5-4B12-A6E5-F74F09BBDD4C.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DCF8B81C-11B5-4B12-A6E5-F74F09BBDD4Chover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\DCF8B81C-11B5-4B12-A6E5-F74F09BBDD4Cpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e2870479-a572-412b-8a8f-5604d19b55cd.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e2870479-a572-412b-8a8f-5604d19b55cdhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e2870479-a572-412b-8a8f-5604d19b55cdpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E3345571-EEF9-4041-8C24-F7F5A9331C23.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E3345571-EEF9-4041-8C24-F7F5A9331C23hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E3345571-EEF9-4041-8C24-F7F5A9331C23press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e357f164-c5d8-4257-aab2-fe0cad41c12e.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e357f164-c5d8-4257-aab2-fe0cad41c12e.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e357f164-c5d8-4257-aab2-fe0cad41c12ehover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e357f164-c5d8-4257-aab2-fe0cad41c12epress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E458493F-867F-4712-A3AF-D9664ED47C19.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E458493F-867F-4712-A3AF-D9664ED47C19hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E458493F-867F-4712-A3AF-D9664ED47C19press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E52BEFE7-6535-439c-B168-A3B105E4212E.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E52BEFE7-6535-439c-B168-A3B105E4212Ehover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E52BEFE7-6535-439c-B168-A3B105E4212Epress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E6EE3C0D-1AF6-4A1E-AD63-1AFD7CB84583.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E6EE3C0D-1AF6-4A1E-AD63-1AFD7CB84583hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E6EE3C0D-1AF6-4A1E-AD63-1AFD7CB84583press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E8584703-6CA5-4351-82CC-09E40938A066.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E8584703-6CA5-4351-82CC-09E40938A066hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\E8584703-6CA5-4351-82CC-09E40938A066press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e8967c62-9ea0-4fde-9832-2c10f1d580de.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e8967c62-9ea0-4fde-9832-2c10f1d580dehover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\e8967c62-9ea0-4fde-9832-2c10f1d580depress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\EA99E20A-FBBA-4197-954B-E2013280A29B.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\EA99E20A-FBBA-4197-954B-E2013280A29Bhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\EA99E20A-FBBA-4197-954B-E2013280A29Bpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F5297DBC-3B3B-4744-A54D-308EAD98D223.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F5297DBC-3B3B-4744-A54D-308EAD98D223hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F5297DBC-3B3B-4744-A54D-308EAD98D223press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\f7fd4890-7f89-4c73-8ff2-52105657cbb6.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\f7fd4890-7f89-4c73-8ff2-52105657cbb6Hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\f7fd4890-7f89-4c73-8ff2-52105657cbb6Press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F84A3FBA-7CF5-4F44-A080-C26C04D0E3BD.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F84A3FBA-7CF5-4F44-A080-C26C04D0E3BDhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F84A3FBA-7CF5-4F44-A080-C26C04D0E3BDpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9218572-58F0-4FB9-B0C5-4EA74848D6EC.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9218572-58F0-4FB9-B0C5-4EA74848D6EChover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9218572-58F0-4FB9-B0C5-4EA74848D6ECpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9B1CE4C-4CE6-4093-948F-F8FD6A8F48A3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9B1CE4C-4CE6-4093-948F-F8FD6A8F48A3hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\F9B1CE4C-4CE6-4093-948F-F8FD6A8F48A3press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FA3DE5E1-19AC-42FA-8E77-C25C60E60EC7.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FA3DE5E1-19AC-42FA-8E77-C25C60E60EC7hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FA3DE5E1-19AC-42FA-8E77-C25C60E60EC7press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\fac5189f-f2c7-4eed-bae8-011eca170d7b.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\fac5189f-f2c7-4eed-bae8-011eca170d7bhover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\fac5189f-f2c7-4eed-bae8-011eca170d7bpress.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FF927FFB-35DC-43A3-A502-690B99FCC056.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FF927FFB-35DC-43A3-A502-690B99FCC056hover.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\icons\FF927FFB-35DC-43A3-A502-690B99FCC056press.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Common\Configs\UserInfo.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\BrowserHelper.exe => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\BrowserHelper.exe.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\IEButton.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\MACTrackBarLib.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Common.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Logging.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Microsoft.Practices.ObjectBuilder.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\NDde.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\ProductsRemovalTool.exe => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\QuickShare.exe.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\RegAsm.exe => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.Base.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.DefaultBrowser.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ShareManagerLocalPlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.PersonalizationSettingsManager.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.UserSettingsManager.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.BrowserHelperUtils.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.GeneralUtilities.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.ProductsRemovalLibary.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.ProductUninstaller.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.ShortcutsLibrary.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.UninstallScreen.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.UrlHistorySupplier.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarInstallationIcon.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarShortcutIcon.ico => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.config => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\System.Data.SQLite.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome.manifest => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\install.rdf => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\ISmartbarFireFoxRemotePlugin.xpt => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\BackPageRemove.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\externalJS.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\FBImagePreview.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\FirefoxExtensionMain.css => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\FirefoxExtensionMain.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\FirefoxExtensionMain.xul => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\InternalJS.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\jquery-1.5.1.min.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\publisherDefinitions.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\QuickShare.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\QuickShare128.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\QuickShare16.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\down-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\down-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\down-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\down.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\fb.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\fblike.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\gmail.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\googleplus.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\hide-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\hide-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\hide-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\left.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\maximize-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\maximize-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\maximize-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\mgsplusvideo.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\minimize-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\minimize-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\minimize-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\pinit.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\right.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\searchBox.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\show-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\show-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\show-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\twitter.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\up-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\up-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\up-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\up.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Configs\QueryParameters.xml => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\Configs\XmlSideBySideProtocol.xml => Moved successfully.
Could not move "C:\Users\Tim Weber\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll" => Scheduled to move on reboot.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\bg.html => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\bg.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\manifest.json => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\options.htm => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\options.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\popup.html => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\popup.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\redirect.html => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\redirect.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\QuickShare.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\QuickShare128.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\QuickShare16.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\QuickShare48.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\BackPageRemove.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\defaultBlockList.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\documentEvents.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\externalJS.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\FBImagePreview.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\InternalJS.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\jquery-1.9.0.min.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\PluginWrapper.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\publisherDefinitions.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\tabReload.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\TopFrameJS.js => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\down-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\down-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\down-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\down.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\fb.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\fblike.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\gmail.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\google.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\googleplus.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\hide-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\hide-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\hide-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\left.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\maximize-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\maximize-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\maximize-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\mgsplusvideo.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\minimize-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\minimize-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\minimize-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\pinit.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\right.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\searchBox.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\show-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\show-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\show-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\twitter.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\up-1.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\up-2.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\up-3.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\up.png => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\CSS\border.css => Moved successfully.
Could not move "C:\Users\Tim Weber\AppData\Local\Smartbar" directory. => Scheduled to move on reboot.

C:\Users\Tim Weber\AppData\Roaming\Ryhi => Moved successfully.
C:\Windows\Installer\{69ea0e17-23cc-0717-1232-9d491f0f1a4a} => Moved successfully.
C:\Users\Tim Weber\AppData\Local\{69ea0e17-23cc-0717-1232-9d491f0f1a4a} => Moved successfully.

=========== Result of Scheduled Files to move ===========
C:\Users\Tim Weber\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Users\Tim Weber\AppData\Local\Smartbar => Moved successfully.

==== End of Fixlog ====
         



After the error message and a restart, ComboFix no longer responds. The constant avast pop-ups have stopped appearing altogether, and my Windows Firewall now pops up more often.


Regards, Tim Weber

Alt 30.07.2013, 13:38   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Closing ComboFix and running it again doesn't work?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 30.07.2013, 18:11   #10
Tim Weber
 



Combofix Logfile:
ComboFix 13-07-27.01 - Tim Weber 30.07.2013  16:33:00.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.5784 [GMT 2:00]
ausgeführt von:: c:\users\Tim Weber\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\users\Tim Weber\AppData\Roaming\Asocm\esorp.buo
c:\users\Tim Weber\AppData\Roaming\Niryd\moec.tia
c:\users\Tim Weber\AppData\Roaming\Rikuzo\yzvi.tyy
c:\windows\IsUn0407.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\tmp51DB.tmp
c:\windows\SysWow64\tmp51EC.tmp
c:\windows\SysWow64\tmp8DD3.tmp
c:\windows\SysWow64\tmp8E12.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-30  ))))))))))))))))))))))))))))))
.
.
2013-07-30 15:26 . 2013-07-30 15:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-30 07:40 . 2013-07-30 09:02	--------	d-----w-	C:\FRST
2013-07-30 07:12 . 2013-07-30 07:12	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-07-26 15:06 . 2013-07-26 15:06	--------	d-----w-	c:\users\Tim Weber\AppData\Roaming\XMedia Recode
2013-07-23 09:23 . 2013-05-09 08:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-07-23 09:23 . 2013-07-23 09:23	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-07-23 09:23 . 2013-05-09 08:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-07-23 09:23 . 2013-05-09 08:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-07-23 09:23 . 2013-07-23 09:23	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-07-23 09:23 . 2013-07-23 09:23	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-07-23 09:23 . 2013-05-09 08:59	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-07-23 09:23 . 2013-05-09 08:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-07-23 09:23 . 2013-05-09 08:58	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-07-23 09:23 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-07-23 09:22 . 2013-07-23 09:22	--------	d-----w-	c:\program files\AVAST Software
2013-07-23 09:22 . 2013-07-23 09:22	--------	d-----w-	c:\programdata\AVAST Software
2013-07-02 17:05 . 2013-07-02 17:05	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-07-01 19:34 . 2013-07-01 19:34	--------	d-----w-	c:\users\Tim Weber\AppData\Roaming\Minecraft Version Changer
2013-07-01 19:34 . 2013-07-01 19:34	--------	d-----w-	c:\users\Tim Weber\AppData\Local\Craften_Dev_Team
2013-07-01 19:33 . 2013-07-01 19:33	--------	d-----w-	c:\users\Tim Weber\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 07:15 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2013-06-12 14:23 . 2012-06-10 16:44	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 14:23 . 2011-10-13 00:37	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-31 23:50 . 2011-03-29 02:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-30 19:21 . 2013-05-30 19:20	8282192	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-21 13:31 . 2013-06-08 14:16	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-05-21 13:30 . 2013-06-08 14:16	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-05-12 21:42 . 2013-05-26 08:12	925648	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-05-12 21:42 . 2013-05-26 08:12	9233688	----a-w-	c:\windows\system32\nvcuda.dll
2013-05-12 21:42 . 2013-05-26 08:12	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-05-12 21:42 . 2013-05-26 08:12	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-05-12 21:42 . 2013-05-26 08:12	550176	----a-w-	c:\windows\system32\NvFBC64.dll
2013-05-12 21:42 . 2013-05-26 08:12	518944	----a-w-	c:\windows\system32\NvIFR64.dll
2013-05-12 21:42 . 2013-05-26 08:12	443168	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-05-12 21:42 . 2013-05-26 08:12	421152	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-05-12 21:42 . 2013-05-26 08:12	2942240	----a-w-	c:\windows\system32\nvcuvid.dll
2013-05-12 21:42 . 2013-05-26 08:12	27775776	----a-w-	c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2013-05-26 08:12	2754336	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-05-12 21:42 . 2013-05-26 08:12	266448	----a-w-	c:\windows\system32\nvinitx.dll
2013-05-12 21:42 . 2013-05-26 08:12	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-05-12 21:42 . 2013-05-26 08:12	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-26 08:12	218592	----a-w-	c:\windows\system32\nvoglshim64.dll
2013-05-12 21:42 . 2013-05-26 08:12	214448	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-05-12 21:42 . 2013-05-26 08:12	21096736	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-05-12 21:42 . 2013-05-26 08:12	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-26 08:12	1832224	----a-w-	c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-26 08:12	181488	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2013-05-12 21:42 . 2013-05-26 08:12	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-05-12 21:42 . 2013-05-26 08:12	15143904	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-05-12 21:42 . 2013-05-26 08:12	1511712	----a-w-	c:\windows\system32\nvdispgenco6432018.dll
2013-05-12 21:42 . 2013-05-26 08:12	13403168	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-05-12 21:42 . 2013-05-26 08:12	11216160	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-05-12 21:42 . 2013-05-26 08:12	1059560	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2012-06-01 20:28	7682960	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-05-12 21:42 . 2012-06-01 20:28	2935696	----a-w-	c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2012-06-01 20:28	2597344	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2012-06-01 20:28	15910736	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2012-06-01 20:28	12426216	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-05-12 20:34 . 2012-06-01 20:28	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2012-06-01 20:28	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2012-06-01 20:28	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2012-06-01 20:28	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2012-06-01 20:28	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2012-06-01 20:28	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-08 14:13 . 2013-05-26 08:16	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24	247704	----a-w-	c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-12-06 14:35	1308504	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-12-06 1308504]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
"Hoolapp Android"="c:\users\TIMWEB~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe" [2013-01-18 1209392]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-06 3456080]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2009-12-31 195200]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe" [2011-07-05 737104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AT5KJYV05RN;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-13 548528]
Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\WLANUtil.exe -s [2012-8-6 1626112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GPU-Z;GPU-Z;c:\users\TIMWEB~1\AppData\Local\Temp\GPU-Z.sys;c:\users\TIMWEB~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NxpCap64;NXP capture service;c:\windows\system32\DRIVERS\NxpCap64.sys;c:\windows\SYSNATIVE\DRIVERS\NxpCap64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe;c:\windows\SYSNATIVE\lxbvcoms.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 11:22	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 14:23]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 16:43]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 16:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=hp&installDate=01/01/1970
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={54530CA4-61BB-11E2-A97F-5404A6B890F8}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=522b8739-7f91-4127-bbff-8d325813248b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{C16A630A-DE50-4432-8D5B-5A7D92727D4C} - c:\program files (x86)\LyricSing\lrsing.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-40185524.sys
Toolbar-Locked - (no file)
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-DomaIQ Uninstaller - c:\program files\DomaIQ Uninstaller\uninstaller.exe
AddRemove-Fraps - c:\users\Tim Weber\Videos\Lets Plays\uninstall.exe
AddRemove-lrcsing@msingsoftware.net - c:\program files (x86)\LyricSing\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f6,02,48,3f,06,91,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-30  17:28:45
ComboFix-quarantined-files.txt  2013-07-30 15:28
.
Vor Suchlauf: 16 Verzeichnis(se), 375.499.202.560 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 375.232.937.984 Bytes frei
.
- - End Of File - - 74A83298258E6D449AE4EB850186439A
         
--- --- --- A36C5E4F47E84449FF07ED3517B43A31

31.07.2013, 08:14   #11
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.07.2013, 11:33   #12
Tim Weber

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tim Weber :: PUPSRAKETE [Administrator]

Schutz: Aktiviert

31.07.2013 11:59:22
mbam-log-2013-07-31 (11-59-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218613
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 22
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 12
C:\Users\Tim Weber\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim Weber\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim Weber\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 25
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\aaea9b.msi (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim Weber\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim Weber\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tim Weber\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner log file:
Code:
# AdwCleaner v2.306 - Datei am 31/07/2013 um 12:10:37 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Tim Weber - PUPSRAKETE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tim Weber\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\AddLyrics
Ordner Gelöscht : C:\Program Files (x86)\delta
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Tim Weber\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Tim Weber\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Roaming\delta
Ordner Gelöscht : C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C16A630A-DE50-4432-8D5B-5A7D92727D4C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\5f288dde134e545
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B3FE01107D5856345B58C425C1AF0946
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B3FE01107D5856345B58C425C1AF0946
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f288dde134e545
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C16A630A-DE50-4432-8D5B-5A7D92727D4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C16A630A-DE50-4432-8D5B-5A7D92727D4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0110EF3B-85D7-4365-B585-4C521CFA9064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKU\S-1-5-21-1978473582-4017670107-2009466819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [lrcsing@msingsoftware.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Tim Weber\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Tim Weber\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [20974 octets] - [31/07/2013 12:10:37]

########## EOF - C:\AdwCleaner[S1].txt - [21035 octets] ##########
         
--- --- ---


[/CODE]


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tim Weber on 31.07.2013 at 12:17:11,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1978473582-4017670107-2009466819-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\lyricsing"
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{0540E39E-83E9-4D42-8888-648F27BB27BC}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{0EB0E8EB-1E2B-433C-A8E4-7647D66F1F08}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{23001487-E1C4-4BEB-B8A2-46F584AD742A}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{2ABDDAF0-90FD-4000-8361-38D912B7FD20}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{52B58CB4-641C-4992-A0E4-20529399B35C}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{8C9AF279-C51F-4B6C-BC0E-7B5D32B15B03}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{AF8D3915-04CC-4C3F-9C02-7D5235C4F0E5}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{BBC6F9CF-9578-400E-9F54-E54CF2EE26D8}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{D9CC377C-F57E-4841-B896-1EEF50A59B37}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{E919A912-59E0-49BA-AFBD-410A32081695}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{F6B0E681-9A0E-4216-A73B-6434B6B0E1D1}
Successfully deleted: [Empty Folder] C:\Users\Tim Weber\appdata\local\{FFEA71D3-63BA-4C6D-9303-075BF802247A}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh
Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Folder] C:\Users\Tim Weber\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2013 at 12:26:04,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST is attached because the post would otherwise be too long :O

Thanks for the help

Regards, Tim Weber
Attached files
File type: txt FRST.txt (92,3 KB, viewed 113 times)

31.07.2013, 15:13   #13
schrauber
/// the machine
/// TB instructor




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.07.2013, 18:34   #14
Tim Weber

Wow, that took a long time

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus                         
Trend Micro Titanium Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.0    
 Java 7 Update 7  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Tim Weber (administrator) on 31-07-2013 19:30:38
Running from C:\Users\Tim Weber\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
( ) C:\Windows\system32\lxbvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
() C:\Users\Tim Weber\AppData\Roaming\HoolappForAndroid\Hoolapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sitecom Europe BV.) C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [197152 2011-02-10] (Trend Micro Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Hoolapp Android] - C:\Users\TIMWEB~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe [1209392 2013-01-18] ()
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3456080 2013-06-06] (Electronic Arts)
HKCU\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2009-12-31] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe [737104 2011-07-05] (ecareme)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
ShortcutTarget: Sitecom Wireless Utility.lnk -> C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe (Sitecom Europe BV.)
Startup: C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-09] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-03-24] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-23] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1865088 2010-12-02] (NXP Semiconductors Germany GmbH)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GPU-Z; \??\C:\Users\TIMWEB~1\AppData\Local\Temp\GPU-Z.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 17:27 - 2013-07-31 17:27 - 00102164 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-31 16:46 - 2013-07-31 16:46 - 00891098 _____ C:\Users\Tim Weber\Desktop\SecurityCheck.exe
2013-07-31 16:45 - 2013-07-31 16:45 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 16:41 - 2013-07-31 16:42 - 02347384 _____ (ESET) C:\Users\Tim Weber\Desktop\esetsmartinstaller_enu.exe
2013-07-31 12:26 - 2013-07-31 12:26 - 00004285 _____ C:\Users\Tim Weber\Desktop\JRT.txt
2013-07-31 12:17 - 2013-07-31 12:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 12:15 - 2013-07-31 12:15 - 00021041 _____ C:\Users\Tim Weber\Desktop\AdwCleaner[S1].txt
2013-07-31 12:10 - 2013-07-31 12:11 - 00021041 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:10 - 2013-07-31 12:11 - 00000097 _____ C:\Windows\DeleteOnReboot.bat
2013-07-31 11:57 - 2013-07-31 11:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Malwarebytes
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 11:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-31 11:55 - 2013-07-31 11:55 - 00666633 _____ C:\Users\Tim Weber\Desktop\adwcleaner.exe
2013-07-31 11:55 - 2013-07-31 11:55 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tim Weber\Desktop\JRT.exe
2013-07-31 11:54 - 2013-07-31 11:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim Weber\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 08:31 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-31 08:31 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-31 07:40 - 2013-07-31 07:40 - 00001429 _____ C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-30 20:41 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-30 20:41 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-30 20:31 - 2013-07-31 12:06 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-07-30 19:36 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-30 19:36 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-30 19:36 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-30 19:36 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-30 19:29 - 2013-07-30 19:29 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-30 19:29 - 2013-07-30 19:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-30 19:29 - 2013-07-30 19:29 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-30 19:29 - 2013-07-30 19:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-30 19:29 - 2013-07-30 19:29 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-30 19:29 - 2013-07-30 19:29 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-30 19:29 - 2013-07-30 19:29 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-30 19:29 - 2013-07-30 19:29 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-30 19:29 - 2013-07-30 19:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-30 19:29 - 2013-07-30 19:29 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-30 19:29 - 2013-07-30 19:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-30 19:26 - 2013-07-30 19:26 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-30 19:24 - 2013-07-30 19:35 - 00011841 _____ C:\Windows\IE10_main.log
2013-07-30 19:13 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-30 19:13 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-30 19:13 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-30 19:13 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-30 19:10 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-30 19:10 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-30 19:10 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-30 19:10 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-30 19:10 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-30 19:10 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-30 19:10 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-30 19:10 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-30 19:03 - 2013-07-30 19:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-30 19:03 - 2013-07-30 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-30 19:01 - 2013-07-30 19:01 - 00265196 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-30 17:28 - 2013-07-30 17:28 - 00027470 _____ C:\ComboFix.txt
2013-07-30 12:11 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-30 12:11 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-30 12:11 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-30 12:11 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-30 12:11 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-30 12:11 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-30 12:11 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-30 12:11 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-30 12:11 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-30 12:11 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-30 12:11 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-30 12:11 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-30 12:11 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-30 12:11 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-30 12:11 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-30 12:11 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-30 12:11 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-30 12:11 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-30 12:11 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-30 12:11 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-30 12:11 - 2012-11-09 07:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-30 12:11 - 2012-11-09 06:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-30 12:11 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-07-30 12:11 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-07-30 12:11 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-07-30 12:11 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-07-30 12:11 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-30 12:10 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-30 12:10 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-30 12:10 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-30 12:10 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-30 12:10 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-30 12:10 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-07-30 12:10 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-30 12:10 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-30 12:10 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-30 12:10 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-30 12:10 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-30 12:10 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-30 12:10 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-30 12:10 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-30 12:10 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-30 12:10 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-30 12:10 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-30 12:10 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-30 12:10 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-30 12:10 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-30 12:10 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-30 12:10 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-30 12:10 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-30 12:10 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-30 12:10 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-30 12:10 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-30 12:10 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-30 12:10 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-30 12:10 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-30 12:10 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-30 12:10 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-30 12:10 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-30 12:10 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-07-30 12:10 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-30 12:10 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-30 12:10 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-30 12:10 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-30 12:10 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-07-30 12:10 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-30 12:10 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-07-30 12:10 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-07-30 12:10 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-30 12:10 - 2012-08-24 18:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-30 12:10 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-30 12:10 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-30 12:10 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-07-30 12:10 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-07-30 12:10 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-07-30 12:10 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-30 12:09 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-30 12:09 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-30 12:09 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-30 12:09 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-07-30 12:09 - 2012-11-30 07:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-07-30 12:09 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-07-30 12:09 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-07-30 12:09 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-30 12:09 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-30 12:09 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-30 12:09 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-30 12:09 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-07-30 12:09 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-07-30 12:09 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-30 12:09 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-30 12:08 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-30 12:08 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-30 12:08 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-30 12:08 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-30 12:08 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-30 12:08 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-30 12:08 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-30 12:08 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-30 12:08 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-30 12:08 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-30 12:08 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-30 12:08 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-30 12:08 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-30 12:08 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-30 12:08 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-30 12:08 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-30 12:08 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-30 12:08 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-30 12:08 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-30 12:08 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-30 12:08 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-30 12:08 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-30 12:08 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-30 12:08 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-30 12:08 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-30 12:08 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-30 12:08 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-30 12:08 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-30 12:08 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-30 12:08 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-30 12:08 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-30 12:08 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-30 12:02 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-30 12:02 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-30 11:09 - 2013-07-30 17:28 - 00000000 ____D C:\Qoobox
2013-07-30 11:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-30 11:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-30 11:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-30 11:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-30 11:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-30 11:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-30 11:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-30 11:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-30 11:06 - 2013-07-30 17:27 - 00000000 ____D C:\Windows\erdnt
2013-07-30 11:04 - 2013-07-30 11:04 - 05095176 ____R (Swearware) C:\Users\Tim Weber\Desktop\ComboFix.exe
2013-07-30 09:40 - 2013-07-30 11:02 - 00000000 ____D C:\FRST
2013-07-30 09:40 - 2013-07-30 09:43 - 00018986 _____ C:\Users\Tim Weber\Desktop\Addition.txt
2013-07-30 09:20 - 2013-07-30 09:24 - 01781589 _____ (Farbar) C:\Users\Tim Weber\Desktop\FRST64.exe
2013-07-30 09:12 - 2013-07-30 09:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-29 21:53 - 2013-07-29 21:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tim Weber\Desktop\tdsskiller.exe
2013-07-29 17:16 - 2013-07-29 17:16 - 943370334 _____ C:\Windows\MEMORY.DMP
2013-07-29 17:16 - 2013-07-29 17:16 - 00473280 _____ C:\Windows\Minidump\072913-23930-01.dmp
2013-07-29 17:16 - 2013-07-29 17:16 - 00000000 ____D C:\Windows\Minidump
2013-07-29 17:03 - 2013-07-29 17:03 - 00739586 _____ C:\Users\Tim Weber\Desktop\gmer.log
2013-07-29 16:10 - 2013-07-29 16:10 - 00047808 _____ C:\Users\Tim Weber\Desktop\Extras.Txt
2013-07-29 16:09 - 2013-07-29 16:09 - 00137584 _____ C:\Users\Tim Weber\Desktop\OTL.Txt
2013-07-29 16:00 - 2013-07-29 16:00 - 00377856 _____ C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
2013-07-29 15:57 - 2013-07-29 15:57 - 00000480 _____ C:\Users\Tim Weber\Desktop\defogger_disable.log
2013-07-29 15:57 - 2013-07-29 15:57 - 00000000 _____ C:\Users\Tim Weber\defogger_reenable
2013-07-29 15:55 - 2013-07-29 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Tim Weber\Desktop\OTL.exe
2013-07-29 15:55 - 2013-07-29 15:55 - 00050477 _____ C:\Users\Tim Weber\Desktop\Defogger.exe
2013-07-27 12:23 - 2013-07-27 12:23 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 17:06 - 2013-07-26 17:06 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
2013-07-26 16:54 - 2013-07-26 16:55 - 05099868 _____ (XMedia Recode                                               ) C:\Users\Tim Weber\Downloads\XMediaRecode3148_setup.exe
2013-07-23 11:23 - 2013-07-31 07:40 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 11:23 - 2013-07-23 11:23 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-23 11:23 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-23 11:23 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-23 11:23 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-23 11:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-23 11:00 - 2013-07-23 11:12 - 117478104 _____ C:\Users\Tim Weber\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
2013-07-03 17:14 - 2013-07-03 17:13 - 00484992 _____ C:\Users\Tim Weber\Desktop\Minecraft(1).exe
2013-07-02 19:05 - 2013-07-02 19:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\Craften_Dev_Team
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer

==================== One Month Modified Files and Folders =======

2013-07-31 19:27 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 19:27 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 19:23 - 2012-06-01 22:26 - 01879306 _____ C:\Windows\WindowsUpdate.log
2013-07-31 19:22 - 2012-06-17 12:47 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Skype
2013-07-31 19:21 - 2012-09-06 18:43 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 19:21 - 2012-08-21 20:42 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFCC396F-5B23-4263-A720-8D4804449E98}
2013-07-31 19:21 - 2012-06-02 23:42 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\LogMeIn Hamachi
2013-07-31 19:20 - 2013-05-25 18:04 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-31 19:20 - 2012-09-21 18:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-31 19:20 - 2012-09-06 18:43 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 19:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 19:19 - 2009-07-14 06:51 - 00088891 _____ C:\Windows\setupact.log
2013-07-31 19:16 - 2012-06-10 18:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 18:23 - 2012-12-20 21:50 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\.minecraft
2013-07-31 17:27 - 2013-07-31 17:27 - 00102164 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-31 17:22 - 2012-06-02 08:42 - 00064024 _____ C:\Users\TIMWEB~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 16:46 - 2013-07-31 16:46 - 00891098 _____ C:\Users\Tim Weber\Desktop\SecurityCheck.exe
2013-07-31 16:45 - 2013-07-31 16:45 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 16:44 - 2011-03-15 23:23 - 00665340 _____ C:\Windows\system32\perfh007.dat
2013-07-31 16:44 - 2011-03-15 23:23 - 00133552 _____ C:\Windows\system32\perfc007.dat
2013-07-31 16:44 - 2009-07-14 07:13 - 01529092 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 16:42 - 2013-07-31 16:41 - 02347384 _____ (ESET) C:\Users\Tim Weber\Desktop\esetsmartinstaller_enu.exe
2013-07-31 12:26 - 2013-07-31 12:26 - 00004285 _____ C:\Users\Tim Weber\Desktop\JRT.txt
2013-07-31 12:17 - 2013-07-31 12:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 12:15 - 2013-07-31 12:15 - 00021041 _____ C:\Users\Tim Weber\Desktop\AdwCleaner[S1].txt
2013-07-31 12:11 - 2013-07-31 12:10 - 00021041 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:11 - 2013-07-31 12:10 - 00000097 _____ C:\Windows\DeleteOnReboot.bat
2013-07-31 12:06 - 2013-07-30 20:31 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-07-31 12:05 - 2010-11-21 05:47 - 00283136 _____ C:\Windows\PFRO.log
2013-07-31 11:57 - 2013-07-31 11:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Malwarebytes
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-31 11:57 - 2013-07-31 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 11:55 - 2013-07-31 11:55 - 00666633 _____ C:\Users\Tim Weber\Desktop\adwcleaner.exe
2013-07-31 11:55 - 2013-07-31 11:55 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Tim Weber\Desktop\JRT.exe
2013-07-31 11:55 - 2013-07-31 11:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim Weber\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 08:49 - 2012-06-20 18:51 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\TS3Client
2013-07-31 07:40 - 2013-07-31 07:40 - 00001429 _____ C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-31 07:40 - 2013-07-23 11:23 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-31 07:40 - 2012-06-01 22:31 - 00000000 ___RD C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-31 07:40 - 2012-06-01 22:31 - 00000000 ___RD C:\Users\Tim Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-30 21:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-30 20:34 - 2009-07-14 06:45 - 00294184 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-30 20:31 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-30 20:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-30 20:31 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-30 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-30 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-30 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-30 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-30 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-30 19:35 - 2013-07-30 19:24 - 00011841 _____ C:\Windows\IE10_main.log
2013-07-30 19:29 - 2013-07-30 19:29 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-30 19:29 - 2013-07-30 19:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-30 19:29 - 2013-07-30 19:29 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-30 19:29 - 2013-07-30 19:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-30 19:29 - 2013-07-30 19:29 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-30 19:29 - 2013-07-30 19:29 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-30 19:29 - 2013-07-30 19:29 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-30 19:29 - 2013-07-30 19:29 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-30 19:29 - 2013-07-30 19:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-30 19:29 - 2013-07-30 19:29 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-30 19:29 - 2013-07-30 19:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-30 19:29 - 2013-07-30 19:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-30 19:29 - 2013-07-30 19:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-30 19:26 - 2013-07-30 19:26 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-30 19:26 - 2013-07-30 19:26 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-30 19:04 - 2012-06-17 12:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-30 19:04 - 2012-06-17 12:47 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 19:03 - 2013-07-30 19:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-30 19:03 - 2013-07-30 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-30 19:01 - 2013-07-30 19:01 - 00265196 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-30 17:28 - 2013-07-30 17:28 - 00027470 _____ C:\ComboFix.txt
2013-07-30 17:28 - 2013-07-30 11:09 - 00000000 ____D C:\Qoobox
2013-07-30 17:28 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-30 17:27 - 2013-07-30 11:06 - 00000000 ____D C:\Windows\erdnt
2013-07-30 17:26 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-30 11:04 - 2013-07-30 11:04 - 05095176 ____R (Swearware) C:\Users\Tim Weber\Desktop\ComboFix.exe
2013-07-30 11:02 - 2013-07-30 09:40 - 00000000 ____D C:\FRST
2013-07-30 09:43 - 2013-07-30 09:40 - 00018986 _____ C:\Users\Tim Weber\Desktop\Addition.txt
2013-07-30 09:24 - 2013-07-30 09:20 - 01781589 _____ (Farbar) C:\Users\Tim Weber\Desktop\FRST64.exe
2013-07-30 09:15 - 2009-07-14 01:19 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-07-30 09:12 - 2013-07-30 09:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-29 21:53 - 2013-07-29 21:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tim Weber\Desktop\tdsskiller.exe
2013-07-29 17:16 - 2013-07-29 17:16 - 943370334 _____ C:\Windows\MEMORY.DMP
2013-07-29 17:16 - 2013-07-29 17:16 - 00473280 _____ C:\Windows\Minidump\072913-23930-01.dmp
2013-07-29 17:16 - 2013-07-29 17:16 - 00000000 ____D C:\Windows\Minidump
2013-07-29 17:03 - 2013-07-29 17:03 - 00739586 _____ C:\Users\Tim Weber\Desktop\gmer.log
2013-07-29 16:10 - 2013-07-29 16:10 - 00047808 _____ C:\Users\Tim Weber\Desktop\Extras.Txt
2013-07-29 16:09 - 2013-07-29 16:09 - 00137584 _____ C:\Users\Tim Weber\Desktop\OTL.Txt
2013-07-29 16:00 - 2013-07-29 16:00 - 00377856 _____ C:\Users\Tim Weber\Desktop\gmer_2.1.19163.exe
2013-07-29 15:57 - 2013-07-29 15:57 - 00000480 _____ C:\Users\Tim Weber\Desktop\defogger_disable.log
2013-07-29 15:57 - 2013-07-29 15:57 - 00000000 _____ C:\Users\Tim Weber\defogger_reenable
2013-07-29 15:57 - 2012-06-01 22:27 - 00000000 ____D C:\Users\Tim Weber
2013-07-29 15:55 - 2013-07-29 15:55 - 00602112 _____ (OldTimer Tools) C:\Users\Tim Weber\Desktop\OTL.exe
2013-07-29 15:55 - 2013-07-29 15:55 - 00050477 _____ C:\Users\Tim Weber\Desktop\Defogger.exe
2013-07-27 12:23 - 2013-07-27 12:23 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-27 12:23 - 2012-09-06 18:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 17:06 - 2013-07-26 17:06 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\XMedia Recode
2013-07-26 16:55 - 2013-07-26 16:54 - 05099868 _____ (XMedia Recode                                               ) C:\Users\Tim Weber\Downloads\XMediaRecode3148_setup.exe
2013-07-23 12:54 - 2012-10-22 16:52 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Temimy
2013-07-23 11:25 - 2012-06-17 13:22 - 00000000 ____D C:\Users\Tim Weber\Downloads\Minecraft
2013-07-23 11:23 - 2013-07-23 11:23 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-23 11:23 - 2013-07-23 11:23 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-23 11:23 - 2013-07-23 11:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-23 11:22 - 2013-07-23 11:22 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-23 11:12 - 2013-07-23 11:00 - 117478104 _____ C:\Users\Tim Weber\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-23 11:06 - 2012-11-05 17:35 - 00000000 ____D C:\Program Files (x86)\Minecraft Texturepack Editor
2013-07-23 11:05 - 2012-08-17 23:56 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_15.198156.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.724129.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_14.412111.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_13.010031.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00246389 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_10.463885.dmp
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 _____ C:\Users\Tim Weber\Documents\ts3_clientui-win64-1365064384-2013-07-22 10_07_16.736244.dmp
2013-07-15 15:07 - 2013-05-26 08:33 - 00000000 ____D C:\Users\Tim Weber\Documents\FIFA 13
2013-07-13 13:16 - 2012-09-06 18:43 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 13:16 - 2012-09-06 18:43 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-09 19:13 - 2012-07-24 12:53 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Uxcu
2013-07-03 17:13 - 2013-07-03 17:14 - 00484992 _____ C:\Users\Tim Weber\Desktop\Minecraft(1).exe
2013-07-02 19:05 - 2013-07-02 19:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\TIMWEB~1\AppData\Local\Craften_Dev_Team
2013-07-01 21:34 - 2013-07-01 21:34 - 00000000 ____D C:\Users\Tim Weber\AppData\Roaming\Minecraft Version Changer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 16:39

==================== End Of Log ============================
         

Is that it already?

Then I have a few more questions:

-Which security software do you recommend?
-Can I delete all the programs, and should I run one of them over the system every now and then?
-Which browser do you recommend?


Thank you very much again!!

Best regards, Tim Weber

31.07.2013, 19:57   #15
schrauber
/// the machine
/// TB-Ausbilder
 


Update Java and Adobe.
Quote:
Which security software do you recommend?
Emsisoft or Avast


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
