Pests of all kinds and how to combat them: one/several trojans services.exe/system 32

Windows 7
08.09.2013, 11:04   #1
Eselzüchter

Hello community!

My PC has probably been loaded up with a good number of viruses. At first I didn't notice anything, until a few days ago a letter from Telekom arrived saying that my PC has a virus on it and that my e-mail traffic may be restricted.

I have now run Avira and quickly noticed that it doesn't help. It keeps detecting the virus Services.exe or System 32 - unfortunately I cannot delete the file.
I have now uninstalled Avira and downloaded Avast, which has already found more viruses...
On the advice of others I have also run Malwarebytes over it, which also found 38 files and was able to delete some of them...

Avast now keeps popping up all the time and shows me the same thing again: Services.exe and System32... In addition, the message "Bösartige Website blockiert" ("Malicious website blocked") keeps appearing. I have also been advised to reinstall the operating system completely, should I? And what about backing up my data now? I hope you can help me...

P.S.: please no heavy technical jargon, I'm not that familiar with this...

Thanks in advance

08.09.2013, 11:21   #2
DerJazzer
/// Malwareteam


Hello and

I am Christoph alias DerJazzer. I will guide you through the cleanup and will be your contact for this thread in the meantime.

Depending on the type of infection present, a lot of work and a large time commitment may lie ahead for you (and for me). Reinstalling is therefore usually the faster, but always the safer route.

For the success of the cleanup, the following applies:
At no point can I guarantee that the PC will really be free of malware after the cleanup!


If you accept that, I ask you to keep working with me here until I tell you that, from my point of view, the PC is malware-free.

To make the cleanup as effective and stress-free as possible, I ask you to observe the following points as well:
  • Please work through all steps one after another in the order I give.
  • Please read through my instructions once briefly before you begin. If you have questions, please ask them here in the thread.
  • If problems occur while working through the instructions and using the requested tools, please stop at the step in question and describe your problem as precisely as possible.
  • Please do not use any tools on your own initiative; use only tools that I have explicitly requested. Likewise, I ask you not to install any new programs during the cleanup unless I ask you to.
  • In the interest of courtesy (even on the "anonymous" Internet!), I appeal to you to refrain from so-called crossposting (posting your problem in several forums), also out of appreciation for my work.

To make it easier for me to evaluate your logs (reports from the programs used), I ask you to post them between code tags. To do so, simply press the # button in the reply window and paste your log there between the square brackets. It then looks like this: [CODE] pasted log [/CODE]

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please post all logs from Malwarebytes.

Step 2

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Step 3

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.



Please post in your next reply
  • Malwarebytes logs/reports
  • TDSSKiller log
  • aswMBR log

08.09.2013, 13:11   #3
Eselzüchter


So, first of all many thanks for the quick reply!

Here is the Malwarebytes log:

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 493871
Laufzeit: 1 Stunde(n), 8 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=485F0018E778AF21&affID=119357&tsp=4999) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 8
C:\Users\Steffen\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 32
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP9AVL3J\pack[1].7z (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP9AVL3J\Setup[1].exe (PUP.Optional.WebConnect.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\ImageEditorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.
C:\WINDOWS\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\Loading.html (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

(Ende)

Here is the TDSSKiller log

12:46:55.0702 4388 htcnprot - ok
12:46:55.0720 4388 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:46:55.0769 4388 HTTP - ok
12:46:55.0778 4388 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:46:55.0788 4388 hwpolicy - ok
12:46:55.0819 4388 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:46:55.0833 4388 i8042prt - ok
12:46:55.0878 4388 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:46:55.0927 4388 iaStorV - ok
12:46:55.0994 4388 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:46:56.0009 4388 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:46:56.0009 4388 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:46:56.0099 4388 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:46:56.0141 4388 idsvc - ok
12:46:56.0144 4388 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:46:56.0187 4388 iirsp - ok
12:46:56.0233 4388 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:46:56.0290 4388 IKEEXT - ok
12:46:56.0335 4388 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
12:46:56.0354 4388 Impcd - ok
12:46:56.0437 4388 [ E9BEFD8C6A1DB3B544B61647DDA35F62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:46:56.0479 4388 IntcAzAudAddService - ok
12:46:56.0501 4388 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:46:56.0526 4388 IntcDAud - ok
12:46:56.0549 4388 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:46:56.0593 4388 intelide - ok
12:46:56.0634 4388 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:46:56.0688 4388 intelppm - ok
12:46:56.0701 4388 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:46:56.0745 4388 IPBusEnum - ok
12:46:56.0764 4388 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:56.0808 4388 IpFilterDriver - ok
12:46:56.0833 4388 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:46:56.0847 4388 IPMIDRV - ok
12:46:56.0859 4388 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:46:56.0905 4388 IPNAT - ok
12:46:56.0927 4388 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:46:56.0943 4388 IRENUM - ok
12:46:56.0962 4388 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:46:56.0984 4388 isapnp - ok
12:46:57.0002 4388 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:46:57.0016 4388 iScsiPrt - ok
12:46:57.0035 4388 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
12:46:57.0048 4388 k57nd60a - ok
12:46:57.0058 4388 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:46:57.0068 4388 kbdclass - ok
12:46:57.0085 4388 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:46:57.0097 4388 kbdhid - ok
12:46:57.0112 4388 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:46:57.0124 4388 KeyIso - ok
12:46:57.0156 4388 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:46:57.0194 4388 KSecDD - ok
12:46:57.0217 4388 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:46:57.0246 4388 KSecPkg - ok
12:46:57.0250 4388 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:46:57.0300 4388 ksthunk - ok
12:46:57.0340 4388 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:46:57.0392 4388 KtmRm - ok
12:46:57.0433 4388 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:46:57.0487 4388 LanmanServer - ok
12:46:57.0521 4388 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:46:57.0574 4388 LanmanWorkstation - ok
12:46:57.0611 4388 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:46:57.0678 4388 lltdio - ok
12:46:57.0729 4388 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:46:57.0804 4388 lltdsvc - ok
12:46:57.0817 4388 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:46:57.0867 4388 lmhosts - ok
12:46:57.0893 4388 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:46:57.0905 4388 LSI_FC - ok
12:46:57.0916 4388 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:46:57.0929 4388 LSI_SAS - ok
12:46:57.0942 4388 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:46:57.0954 4388 LSI_SAS2 - ok
12:46:57.0969 4388 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:46:57.0982 4388 LSI_SCSI - ok
12:46:57.0996 4388 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:46:58.0033 4388 luafv - ok
12:46:58.0077 4388 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:46:58.0093 4388 MBAMProtector - ok
12:46:58.0137 4388 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:46:58.0163 4388 MBAMScheduler - ok
12:46:58.0185 4388 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:46:58.0206 4388 MBAMService - ok
12:46:58.0222 4388 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:46:58.0238 4388 Mcx2Svc - ok
12:46:58.0247 4388 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:46:58.0259 4388 megasas - ok
12:46:58.0272 4388 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:46:58.0289 4388 MegaSR - ok
12:46:58.0297 4388 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:46:58.0372 4388 MMCSS - ok
12:46:58.0398 4388 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:46:58.0470 4388 Modem - ok
12:46:58.0486 4388 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:46:58.0501 4388 monitor - ok
12:46:58.0511 4388 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:46:58.0522 4388 mouclass - ok
12:46:58.0537 4388 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:46:58.0559 4388 mouhid - ok
12:46:58.0571 4388 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:46:58.0583 4388 mountmgr - ok
12:46:58.0617 4388 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:46:58.0629 4388 MozillaMaintenance - ok
12:46:58.0643 4388 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
12:46:58.0657 4388 mpio - ok
12:46:58.0671 4388 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:46:58.0707 4388 mpsdrv - ok
12:46:58.0735 4388 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:46:58.0777 4388 MRxDAV - ok
12:46:58.0814 4388 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:58.0842 4388 mrxsmb - ok
12:46:58.0882 4388 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:58.0902 4388 mrxsmb10 - ok
12:46:58.0909 4388 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:58.0946 4388 mrxsmb20 - ok
12:46:58.0969 4388 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
12:46:58.0982 4388 msahci - ok
12:46:58.0997 4388 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
12:46:59.0027 4388 msdsm - ok
12:46:59.0043 4388 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:46:59.0067 4388 MSDTC - ok
12:46:59.0088 4388 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:46:59.0123 4388 Msfs - ok
12:46:59.0136 4388 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:46:59.0171 4388 mshidkmdf - ok
12:46:59.0180 4388 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
12:46:59.0190 4388 msisadrv - ok
12:46:59.0215 4388 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:46:59.0290 4388 MSiSCSI - ok
12:46:59.0295 4388 msiserver - ok
12:46:59.0324 4388 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:46:59.0386 4388 MSKSSRV - ok
12:46:59.0412 4388 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:46:59.0484 4388 MSPCLOCK - ok
12:46:59.0503 4388 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:46:59.0572 4388 MSPQM - ok
12:46:59.0693 4388 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:46:59.0719 4388 MsRPC - ok
12:46:59.0743 4388 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:46:59.0754 4388 mssmbios - ok
12:46:59.0783 4388 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:46:59.0850 4388 MSTEE - ok
12:46:59.0864 4388 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:46:59.0877 4388 MTConfig - ok
12:46:59.0895 4388 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:46:59.0906 4388 Mup - ok
12:46:59.0929 4388 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
12:46:59.0990 4388 napagent - ok
12:47:00.0028 4388 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:47:00.0064 4388 NativeWifiP - ok
12:47:00.0131 4388 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:47:00.0169 4388 NDIS - ok
12:47:00.0176 4388 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:00.0211 4388 NdisCap - ok
12:47:00.0223 4388 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:00.0257 4388 NdisTapi - ok
12:47:00.0276 4388 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:00.0311 4388 Ndisuio - ok
12:47:00.0327 4388 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:00.0361 4388 NdisWan - ok
12:47:00.0369 4388 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:47:00.0404 4388 NDProxy - ok
12:47:00.0416 4388 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:47:00.0450 4388 NetBIOS - ok
12:47:00.0480 4388 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:47:00.0538 4388 NetBT - ok
12:47:00.0571 4388 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
12:47:00.0594 4388 Netlogon - ok
12:47:00.0641 4388 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:47:00.0703 4388 Netman - ok
12:47:00.0735 4388 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:47:00.0778 4388 netprofm - ok
12:47:00.0826 4388 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:47:00.0862 4388 NetTcpPortSharing - ok
12:47:00.0869 4388 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:00.0883 4388 nfrd960 - ok
12:47:00.0914 4388 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:47:00.0984 4388 NlaSvc - ok
12:47:01.0003 4388 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:47:01.0038 4388 Npfs - ok
12:47:01.0049 4388 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:47:01.0086 4388 nsi - ok
12:47:01.0095 4388 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:47:01.0129 4388 nsiproxy - ok
12:47:01.0190 4388 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:47:01.0234 4388 Ntfs - ok
12:47:01.0253 4388 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:47:01.0288 4388 Null - ok
12:47:01.0307 4388 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:47:01.0321 4388 nvraid - ok
12:47:01.0332 4388 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:47:01.0345 4388 nvstor - ok
12:47:01.0372 4388 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
12:47:01.0385 4388 nv_agp - ok
12:47:01.0399 4388 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:47:01.0415 4388 ohci1394 - ok
12:47:01.0449 4388 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:01.0475 4388 ose - ok
12:47:01.0720 4388 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:47:01.0861 4388 osppsvc - ok
12:47:01.0972 4388 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:47:02.0031 4388 p2pimsvc - ok
12:47:02.0050 4388 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:47:02.0070 4388 p2psvc - ok
12:47:02.0076 4388 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:47:02.0090 4388 Parport - ok
12:47:02.0122 4388 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:47:02.0135 4388 partmgr - ok
12:47:02.0184 4388 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:47:02.0203 4388 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
12:47:02.0203 4388 PassThru Service - detected UnsignedFile.Multi.Generic (1)
12:47:02.0220 4388 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:47:02.0264 4388 PcaSvc - ok
12:47:02.0282 4388 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
12:47:02.0296 4388 pci - ok
12:47:02.0308 4388 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:47:02.0319 4388 pciide - ok
12:47:02.0328 4388 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:02.0343 4388 pcmcia - ok
12:47:02.0357 4388 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:47:02.0368 4388 pcw - ok
12:47:02.0388 4388 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:47:02.0480 4388 PEAUTH - ok
12:47:02.0534 4388 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:47:02.0583 4388 PerfHost - ok
12:47:02.0935 4388 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
12:47:02.0996 4388 pla - ok
12:47:03.0035 4388 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:47:03.0069 4388 PlugPlay - ok
12:47:03.0077 4388 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:47:03.0109 4388 PNRPAutoReg - ok
12:47:03.0138 4388 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:47:03.0155 4388 PNRPsvc - ok
12:47:03.0174 4388 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:47:03.0227 4388 PolicyAgent - ok
12:47:03.0246 4388 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:47:03.0293 4388 Power - ok
12:47:03.0319 4388 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:47:03.0355 4388 PptpMiniport - ok
12:47:03.0367 4388 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:47:03.0390 4388 Processor - ok
12:47:03.0419 4388 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
12:47:03.0448 4388 ProfSvc - ok
12:47:03.0462 4388 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:03.0475 4388 ProtectedStorage - ok
12:47:03.0485 4388 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:47:03.0532 4388 Psched - ok
12:47:03.0556 4388 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:47:03.0566 4388 PxHlpa64 - ok
12:47:03.0605 4388 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:47:03.0675 4388 ql2300 - ok
12:47:03.0681 4388 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:03.0694 4388 ql40xx - ok
12:47:03.0714 4388 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:47:03.0737 4388 QWAVE - ok
12:47:03.0740 4388 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:47:03.0776 4388 QWAVEdrv - ok
12:47:03.0797 4388 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:47:03.0863 4388 RasAcd - ok
12:47:03.0887 4388 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:03.0922 4388 RasAgileVpn - ok
12:47:03.0929 4388 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:47:03.0965 4388 RasAuto - ok
12:47:03.0974 4388 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:04.0020 4388 Rasl2tp - ok
12:47:04.0050 4388 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
12:47:04.0128 4388 RasMan - ok
12:47:04.0140 4388 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:04.0177 4388 RasPppoe - ok
12:47:04.0200 4388 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:47:04.0245 4388 RasSstp - ok
12:47:04.0258 4388 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:47:04.0307 4388 rdbss - ok
12:47:04.0317 4388 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:04.0333 4388 rdpbus - ok
12:47:04.0341 4388 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:04.0375 4388 RDPCDD - ok
12:47:04.0380 4388 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:47:04.0424 4388 RDPENCDD - ok
12:47:04.0428 4388 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:47:04.0464 4388 RDPREFMP - ok
12:47:04.0492 4388 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:47:04.0507 4388 RDPWD - ok
12:47:04.0514 4388 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:47:04.0529 4388 rdyboost - ok
12:47:04.0547 4388 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:47:04.0611 4388 RemoteAccess - ok
12:47:04.0623 4388 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:47:04.0661 4388 RemoteRegistry - ok
12:47:04.0671 4388 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:47:04.0709 4388 RpcEptMapper - ok
12:47:04.0727 4388 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:47:04.0757 4388 RpcLocator - ok
12:47:04.0778 4388 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
12:47:04.0817 4388 RpcSs - ok
12:47:04.0825 4388 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:47:04.0877 4388 rspndr - ok
12:47:04.0918 4388 [ 9269EF78A780A3161087DF1BEC117DC8 ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys
12:47:04.0954 4388 RTL85n64 - ok
12:47:04.0962 4388 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
12:47:04.0974 4388 SamSs - ok
12:47:04.0986 4388 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
12:47:04.0998 4388 sbp2port - ok
12:47:05.0013 4388 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:47:05.0090 4388 SCardSvr - ok
12:47:05.0113 4388 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:47:05.0183 4388 scfilter - ok
12:47:05.0234 4388 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
12:47:05.0300 4388 Schedule - ok
12:47:05.0336 4388 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:47:05.0376 4388 SCPolicySvc - ok
12:47:05.0395 4388 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:47:05.0411 4388 SDRSVC - ok
12:47:05.0422 4388 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:47:05.0457 4388 secdrv - ok
12:47:05.0469 4388 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
12:47:05.0513 4388 seclogon - ok
12:47:05.0529 4388 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:47:05.0576 4388 SENS - ok
12:47:05.0585 4388 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:47:05.0608 4388 SensrSvc - ok
12:47:05.0617 4388 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:47:05.0628 4388 Serenum - ok
12:47:05.0641 4388 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:47:05.0654 4388 Serial - ok
12:47:05.0667 4388 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:47:05.0678 4388 sermouse - ok
12:47:05.0692 4388 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
12:47:05.0727 4388 SessionEnv - ok
12:47:05.0735 4388 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:47:05.0758 4388 sffdisk - ok
12:47:05.0774 4388 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:47:05.0799 4388 sffp_mmc - ok
12:47:05.0813 4388 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:47:05.0826 4388 sffp_sd - ok
12:47:05.0836 4388 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:05.0869 4388 sfloppy - ok
12:47:05.0941 4388 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:47:05.0978 4388 Sftfs - ok
12:47:06.0033 4388 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:47:06.0067 4388 sftlist - ok
12:47:06.0084 4388 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:47:06.0096 4388 Sftplay - ok
12:47:06.0112 4388 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:47:06.0121 4388 Sftredir - ok
12:47:06.0179 4388 [ CF53DCCE55E500F51089774E851E7363 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:47:06.0216 4388 SftService - ok
12:47:06.0219 4388 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:47:06.0229 4388 Sftvol - ok
12:47:06.0236 4388 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:47:06.0249 4388 sftvsa - ok
12:47:06.0263 4388 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:06.0287 4388 ShellHWDetection - ok
12:47:06.0295 4388 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:06.0308 4388 SiSRaid2 - ok
12:47:06.0317 4388 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:06.0329 4388 SiSRaid4 - ok
12:47:06.0369 4388 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:47:06.0392 4388 SkypeUpdate - ok
12:47:06.0406 4388 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:47:06.0454 4388 Smb - ok
12:47:06.0523 4388 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:47:06.0600 4388 SNMPTRAP - ok
12:47:06.0626 4388 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:47:06.0637 4388 spldr - ok
12:47:06.0703 4388 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
12:47:06.0752 4388 Spooler - ok
12:47:06.0964 4388 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
12:47:07.0070 4388 sppsvc - ok
12:47:07.0086 4388 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:47:07.0139 4388 sppuinotify - ok
12:47:07.0226 4388 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:47:07.0249 4388 sprtsvc_DellSupportCenter - ok
12:47:07.0310 4388 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:47:07.0375 4388 srv - ok
12:47:07.0402 4388 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:47:07.0423 4388 srv2 - ok
12:47:07.0477 4388 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:47:07.0514 4388 srvnet - ok
12:47:07.0561 4388 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:47:07.0628 4388 SSDPSRV - ok
12:47:07.0644 4388 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:47:07.0732 4388 SstpSvc - ok
12:47:07.0761 4388 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:47:07.0772 4388 stexstor - ok
12:47:07.0801 4388 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
12:47:07.0829 4388 stisvc - ok
12:47:07.0850 4388 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:47:07.0862 4388 swenum - ok
12:47:07.0877 4388 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:47:07.0922 4388 swprv - ok
12:47:07.0988 4388 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
12:47:08.0076 4388 SysMain - ok
12:47:08.0105 4388 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:08.0135 4388 TabletInputService - ok
12:47:08.0152 4388 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
12:47:08.0212 4388 TapiSrv - ok
12:47:08.0234 4388 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:47:08.0272 4388 TBS - ok
12:47:08.0335 4388 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:47:08.0426 4388 Tcpip - ok
12:47:08.0518 4388 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:47:08.0557 4388 TCPIP6 - ok
12:47:08.0579 4388 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:47:08.0627 4388 tcpipreg - ok
12:47:08.0646 4388 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:47:08.0673 4388 TDPIPE - ok
12:47:08.0700 4388 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:47:08.0738 4388 TDTCP - ok
12:47:13.0050 4388 ================ Scan global ===============================
12:47:13.0084 4388 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:47:13.0116 4388 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:13.0130 4388 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:13.0157 4388 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:47:13.0197 4388 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
12:47:13.0206 4388 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
12:47:13.0206 4388 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
12:47:13.0207 4388 ================ Scan MBR ==================================
12:47:13.0216 4388 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:47:14.0923 4388 \Device\Harddisk0\DR0 - ok
12:47:14.0924 4388 ================ Scan VBR ==================================
12:47:14.0950 4388 [ BEA00DCBF8006F3636FAED8AE734EC9C ] \Device\Harddisk0\DR0\Partition1
12:47:14.0953 4388 \Device\Harddisk0\DR0\Partition1 - ok
12:47:14.0970 4388 [ C5607FC1FF18FD489ABB42F0AB937B58 ] \Device\Harddisk0\DR0\Partition2
12:47:14.0972 4388 \Device\Harddisk0\DR0\Partition2 - ok
12:47:14.0976 4388 ============================================================
12:47:14.0976 4388 Scan finished
12:47:14.0976 4388 ============================================================
12:47:14.0990 3644 Detected object count: 6
12:47:14.0990 3644 Actual detected object count: 6
12:47:45.0210 3644 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:45.0210 3644 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:45.0210 3644 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:45.0210 3644 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:45.0220 3644 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:45.0220 3644 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:45.0220 3644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:45.0220 3644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:45.0220 3644 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:45.0220 3644 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:45.0220 3644 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
12:47:45.0220 3644 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip


And here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-08 12:53:36
-----------------------------
12:53:36.090 OS Version: Windows x64 6.1.7600
12:53:36.090 Number of processors: 4 586 0x2502
12:53:36.090 ComputerName: STEFFEN-PC UserName: Steffen
12:53:37.150 Initialize success
12:53:37.240 AVAST engine defs: 13090800
12:53:48.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:53:48.980 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
12:53:49.080 Disk 0 MBR read successfully
12:53:49.090 Disk 0 MBR scan
12:53:49.090 Disk 0 Windows 7 default MBR code
12:53:49.100 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
12:53:49.110 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11718 MB offset 241664
12:53:49.110 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942032 MB offset 24240128
12:53:49.120 Disk 0 scanning C:\Windows\system32\drivers
12:53:56.730 Service scanning
12:54:08.070 Modules scanning
12:54:08.080 Disk 0 trace - called modules:
12:54:08.100 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:54:08.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b90060]
12:54:08.110 3 CLASSPNP.SYS[fffff8800190f43f] -> nt!IofCallDriver -> [0xfffffa8003aece40]
12:54:08.110 5 ACPI.sys[fffff88000ed8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048f1060]
12:54:09.560 AVAST engine scan C:\Windows
12:54:13.120 AVAST engine scan C:\Windows\system32
12:55:00.298 File: C:\Windows\system32\services.exe **INFECTED** Win32:Patched-AKC [Trj]
12:55:56.102 AVAST engine scan C:\Windows\system32\drivers
12:56:05.002 AVAST engine scan C:\Users\Steffen
12:59:05.212 Disk 0 MBR has been saved successfully to "C:\Users\Steffen\Desktop\MBR.dat"
12:59:05.222 The log file has been saved successfully to "C:\Users\Steffen\Desktop\aswMBR.txt"
__________________

08.09.2013, 13:17   #4
DerJazzer
/// Malwareteam
 


OK, let's continue:

Step 1

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.



Step 2

A new TDSSKiller log, please.

In your next reply, please post
  • Combofix.txt
  • new TDSSKiller log
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

08.09.2013, 15:44   #5
Eselzüchter
 


First of all, thank you very much!

Unfortunately I can't find a deactivation setting in Avast - should I uninstall it? And what about the programs I just downloaded?

So, I have now deactivated Avast (icon in the taskbar), and yet it said that it is still active - I ran Combofix anyway...

Combofix log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-09-06.01 - Steffen 08.09.2013  16:23:22.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3959.2126 [GMT 2:00]
ausgeführt von:: c:\users\Steffen\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\0tbpw.pad
c:\users\Public\AlexaNSISPlugin.9708.dll
c:\users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Steffen\AppData\Roaming\AcroIEHelpe.txt
c:\users\Steffen\AppData\Roaming\Help\coredb\storage
c:\users\Steffen\AppData\Roaming\srvblck2.tmp
c:\users\Steffen\ia_remove.sh0555.tmp
c:\windows\Installer\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\@
c:\windows\Installer\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\U\00000001.@
c:\windows\Installer\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\U\00000002.@
c:\windows\Installer\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\U\80000000.@
c:\windows\Installer\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\U\800000cb.@
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-08 bis 2013-09-08  ))))))))))))))))))))))))))))))
.
.
2013-09-08 14:28 . 2013-09-08 14:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-08 10:42 . 2013-09-08 10:42	--------	d-----w-	c:\users\Steffen\AppData\Local\avgchrome
2013-09-08 10:36 . 2013-09-08 10:36	--------	d-----w-	c:\program files (x86)\Delta
2013-09-08 10:36 . 2013-09-08 10:36	--------	d-----w-	c:\users\Steffen\AppData\Roaming\BabSolution
2013-09-08 10:35 . 2013-09-08 10:35	--------	d-----w-	c:\users\Steffen\AppData\Roaming\DSite
2013-09-08 10:35 . 2013-09-08 10:35	--------	d-----w-	c:\users\Steffen\AppData\Roaming\Babylon
2013-09-08 10:35 . 2013-09-08 10:35	--------	d-----w-	c:\program files (x86)\Image Converter
2013-09-08 08:09 . 2013-09-08 08:09	--------	d-----w-	c:\users\Steffen\AppData\Roaming\Malwarebytes
2013-09-08 08:09 . 2013-09-08 08:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-08 08:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-08 08:09 . 2013-09-08 08:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-08 08:09 . 2013-09-08 08:09	--------	d-----w-	c:\users\Steffen\AppData\Local\Programs
2013-09-07 14:15 . 2013-09-07 14:15	--------	d-----w-	c:\windows\system32\WDI
2013-09-07 13:46 . 2013-09-07 13:48	--------	d-----w-	c:\program files (x86)\Google
2013-09-07 13:46 . 2013-08-30 07:48	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-09-07 13:46 . 2013-08-30 07:48	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-09-07 13:46 . 2013-08-30 07:48	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-09-07 13:46 . 2013-08-30 07:48	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-09-07 13:46 . 2013-08-30 07:48	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-09-07 13:46 . 2013-08-30 07:48	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-09-07 13:46 . 2013-08-30 07:48	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-09-07 13:46 . 2013-08-30 07:48	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-09-07 13:46 . 2013-08-30 07:47	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-09-07 13:45 . 2013-08-30 07:47	41664	----a-w-	c:\windows\avastSS.scr
2013-09-07 13:45 . 2013-09-07 13:45	--------	d-----w-	c:\program files\AVAST Software
2013-09-07 13:44 . 2013-09-07 13:45	--------	d-----w-	c:\programdata\AVAST Software
2013-09-05 20:45 . 2013-09-05 20:46	--------	d-----w-	c:\users\Steffen\AppData\Roaming\Origin
2013-09-05 20:45 . 2013-09-05 20:46	--------	d-----w-	c:\users\Steffen\AppData\Local\Origin
2013-09-05 20:32 . 2013-09-05 20:45	--------	d-----w-	c:\programdata\Origin
2013-09-05 20:32 . 2013-09-05 20:32	--------	d-----w-	c:\programdata\Electronic Arts
2013-09-05 20:32 . 2013-09-05 21:25	--------	d-----w-	c:\program files (x86)\Origin
2013-08-30 12:41 . 2013-09-02 20:07	--------	d-----w-	c:\users\Steffen\AppData\Roaming\TS3Client
2013-08-30 12:40 . 2013-08-30 12:40	--------	d-----w-	c:\users\Steffen\AppData\Local\TeamSpeak 3 Client
2013-08-22 14:53 . 2013-08-22 14:53	--------	d-----w-	c:\programdata\APN
2013-08-22 14:52 . 2013-09-07 13:42	--------	d-----w-	c:\programdata\Avira
2013-08-09 20:22 . 2013-08-09 20:22	--------	d-----w-	c:\program files (x86)\SilentMusicBand
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 14:14 . 2013-03-07 18:29	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-22 14:14 . 2011-12-07 13:19	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2013-03-27 1262328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-31 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 13:48	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 14:14]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 13:46]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 13:46]
.
2013-09-08 c:\windows\Tasks\ReclaimerUpdateFiles_Steffen.job
- c:\users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 16:56]
.
2013-09-08 c:\windows\Tasks\ReclaimerUpdateXML_Steffen.job
- c:\users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 16:56]
.
2013-09-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job
- c:\users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 16:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=485F0018E778AF21&affID=119357&tsp=4999
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=2&q=
FF - ExtSQL: 2013-09-07 15:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2013-02-01 17:28; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=485fba6f0000000000000018e778af21&q=
FF - user.js: extensions.BabylonToolbar.id - 485fba6f0000000000000018e778af21
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15721
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.214:20
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110231&tt=0313_2
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 485fba6f0000000000000018e778af21
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15956
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.612:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4999
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-UpgradeHelper - c:\users\Steffen\AppData\Roaming\Google Inc.\{3A3CCEFE-B22F-4A59-82E8-57176D824BAF}\UpgradeHelper.exe
Toolbar-Locked - (no file)
WebBrowser-{A51A36E6-31E7-4838-9FF7-76298B527EC0} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-cmgpon - c:\users\Steffen\AppData\Roaming\cmgpon.dll
AddRemove-Amazon Browser Bar - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe
AddRemove-PokerStars.eu - c:\program files (x86)\PokerStars.EU\PokerStarsUninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-08  16:30:04
ComboFix-quarantined-files.txt  2013-09-08 14:30
.
Vor Suchlauf: 16 Verzeichnis(se), 842.274.693.120 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 841.916.502.016 Bytes frei
.
- - End Of File - - 8F7C20EBC224339C4BDB30169E4FCF0C
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]

Here is the TDSSKiller log:

Code:
ATTFilter
16:43:18.0604 4828  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:43:19.0151 4828  ============================================================
16:43:19.0151 4828  Current date / time: 2013/09/08 16:43:19.0151
16:43:19.0151 4828  SystemInfo:
16:43:19.0151 4828  
16:43:19.0151 4828  OS Version: 6.1.7600 ServicePack: 0.0
16:43:19.0151 4828  Product type: Workstation
16:43:19.0152 4828  ComputerName: STEFFEN-PC
16:43:19.0152 4828  UserName: Steffen
16:43:19.0152 4828  Windows directory: C:\Windows
16:43:19.0152 4828  System windows directory: C:\Windows
16:43:19.0152 4828  Running under WOW64
16:43:19.0152 4828  Processor architecture: Intel x64
16:43:19.0152 4828  Number of processors: 4
16:43:19.0152 4828  Page size: 0x1000
16:43:19.0152 4828  Boot type: Normal boot
16:43:19.0152 4828  ============================================================
16:43:19.0974 4828  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:43:19.0995 4828  ============================================================
16:43:19.0995 4828  \Device\Harddisk0\DR0:
16:43:19.0996 4828  MBR partitions:
16:43:19.0996 4828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B000, BlocksNum 0x16E3000
16:43:19.0996 4828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x171E000, BlocksNum 0x72FE8000
16:43:19.0996 4828  ============================================================
16:43:20.0013 4828  C: <-> \Device\Harddisk0\DR0\Partition2
16:43:20.0013 4828  ============================================================
16:43:20.0013 4828  Initialize success
16:43:20.0013 4828  ============================================================
16:43:25.0529 5252  ============================================================
16:43:25.0529 5252  Scan started
16:43:25.0529 5252  Mode: Manual; SigCheck; TDLFS; 
16:43:25.0529 5252  ============================================================
16:43:25.0940 5252  ================ Scan system memory ========================
16:43:25.0940 5252  System memory - ok
16:43:25.0941 5252  ================ Scan services =============================
16:43:26.0103 5252  [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:43:26.0159 5252  1394ohci - ok
16:43:26.0171 5252  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
16:43:26.0187 5252  ACPI - ok
16:43:26.0195 5252  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
16:43:26.0209 5252  AcpiPmi - ok
16:43:26.0277 5252  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:26.0295 5252  AdobeFlashPlayerUpdateSvc - ok
16:43:26.0316 5252  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:26.0335 5252  adp94xx - ok
16:43:26.0348 5252  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:43:26.0364 5252  adpahci - ok
16:43:26.0369 5252  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:43:26.0382 5252  adpu320 - ok
16:43:26.0405 5252  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:43:26.0441 5252  AeLookupSvc - ok
16:43:26.0488 5252  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
16:43:26.0526 5252  AFD - ok
16:43:26.0544 5252  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
16:43:26.0556 5252  agp440 - ok
16:43:26.0564 5252  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:43:26.0579 5252  ALG - ok
16:43:26.0590 5252  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
16:43:26.0600 5252  aliide - ok
16:43:26.0627 5252  [ 96C414816088D308D2E4C2BE069F4D51 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:43:26.0665 5252  AMD External Events Utility - ok
16:43:26.0668 5252  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:43:26.0678 5252  amdide - ok
16:43:26.0692 5252  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:43:26.0704 5252  AmdK8 - ok
16:43:26.0857 5252  [ 947F7DA98008A1DEDD944AEA2880E86D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:27.0075 5252  amdkmdag - ok
16:43:27.0095 5252  [ BB2A3789B7F0830665105A8ECE674AC8 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:43:27.0108 5252  amdkmdap - ok
16:43:27.0116 5252  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:43:27.0127 5252  AmdPPM - ok
16:43:27.0166 5252  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:43:27.0191 5252  amdsata - ok
16:43:27.0206 5252  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:27.0219 5252  amdsbs - ok
16:43:27.0228 5252  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:43:27.0238 5252  amdxata - ok
16:43:27.0249 5252  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
16:43:27.0265 5252  AppID - ok
16:43:27.0277 5252  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:43:27.0308 5252  AppIDSvc - ok
16:43:27.0312 5252  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
16:43:27.0327 5252  Appinfo - ok
16:43:27.0355 5252  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:43:27.0366 5252  arc - ok
16:43:27.0376 5252  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:43:27.0388 5252  arcsas - ok
16:43:27.0419 5252  aspnet_state - ok
16:43:27.0450 5252  [ A83C9C15680BB9E270ACF7172068E287 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:43:27.0470 5252  aswFsBlk - ok
16:43:27.0517 5252  [ 5C40B8D77EBEE1DE0E7A8CDD0CD75773 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:43:27.0530 5252  aswMonFlt - ok
16:43:27.0552 5252  [ 997F6977294B9ACB7F400431DF8E3A4A ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
16:43:27.0566 5252  aswRdr - ok
16:43:27.0588 5252  [ 286193DC28CFB4CEB8D378E20A0850A9 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
16:43:27.0601 5252  aswRvrt - ok
16:43:27.0643 5252  [ 58B93BA20D4693D0800D2B0A62B8059D ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:43:27.0673 5252  aswSnx - ok
16:43:27.0688 5252  [ EC7148DB4D126C81426A67602822E62C ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:43:27.0705 5252  aswSP - ok
16:43:27.0726 5252  [ 0E422E9CB7CD9C0AA6D4DFEAFA086EAA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:43:27.0737 5252  aswTdi - ok
16:43:27.0756 5252  [ 9FE455C916C656144B004E3EB48507CE ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
16:43:27.0771 5252  aswVmm - ok
16:43:27.0782 5252  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:27.0817 5252  AsyncMac - ok
16:43:27.0827 5252  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
16:43:27.0837 5252  atapi - ok
16:43:27.0863 5252  [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:43:27.0874 5252  AtiHdmiService - ok
16:43:27.0887 5252  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:27.0927 5252  AudioEndpointBuilder - ok
16:43:27.0938 5252  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:43:27.0976 5252  AudioSrv - ok
16:43:28.0040 5252  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:43:28.0051 5252  avast! Antivirus - ok
16:43:28.0075 5252  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:43:28.0090 5252  AxInstSV - ok
16:43:28.0107 5252  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:43:28.0123 5252  b06bdrv - ok
16:43:28.0136 5252  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:43:28.0151 5252  b57nd60a - ok
16:43:28.0173 5252  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:43:28.0197 5252  BDESVC - ok
16:43:28.0211 5252  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:43:28.0244 5252  Beep - ok
16:43:28.0262 5252  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
16:43:28.0302 5252  BFE - ok
16:43:28.0341 5252  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
16:43:28.0397 5252  BITS - ok
16:43:28.0419 5252  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:43:28.0431 5252  blbdrive - ok
16:43:28.0501 5252  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:43:28.0542 5252  bowser - ok
16:43:28.0579 5252  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:43:28.0595 5252  BrFiltLo - ok
16:43:28.0606 5252  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:43:28.0628 5252  BrFiltUp - ok
16:43:28.0644 5252  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:43:28.0678 5252  BridgeMP - ok
16:43:28.0693 5252  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
16:43:28.0732 5252  Browser - ok
16:43:28.0745 5252  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:43:28.0759 5252  Brserid - ok
16:43:28.0767 5252  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:28.0781 5252  BrSerWdm - ok
16:43:28.0784 5252  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:28.0796 5252  BrUsbMdm - ok
16:43:28.0800 5252  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:28.0811 5252  BrUsbSer - ok
16:43:28.0818 5252  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:43:28.0832 5252  BTHMODEM - ok
16:43:28.0837 5252  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:43:28.0870 5252  bthserv - ok
16:43:28.0879 5252  catchme - ok
16:43:28.0893 5252  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:43:28.0929 5252  cdfs - ok
16:43:28.0938 5252  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:43:28.0951 5252  cdrom - ok
16:43:28.0968 5252  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:43:29.0002 5252  CertPropSvc - ok
16:43:29.0009 5252  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:43:29.0025 5252  circlass - ok
16:43:29.0042 5252  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:43:29.0057 5252  CLFS - ok
16:43:29.0082 5252  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:29.0095 5252  clr_optimization_v2.0.50727_32 - ok
16:43:29.0140 5252  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:43:29.0158 5252  clr_optimization_v2.0.50727_64 - ok
16:43:29.0227 5252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:29.0248 5252  clr_optimization_v4.0.30319_32 - ok
16:43:29.0263 5252  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:43:29.0273 5252  clr_optimization_v4.0.30319_64 - ok
16:43:29.0276 5252  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:43:29.0288 5252  CmBatt - ok
16:43:29.0291 5252  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
16:43:29.0300 5252  cmdide - ok
16:43:29.0337 5252  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:43:29.0357 5252  CNG - ok
16:43:29.0361 5252  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:43:29.0371 5252  Compbatt - ok
16:43:29.0381 5252  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:43:29.0395 5252  CompositeBus - ok
16:43:29.0398 5252  COMSysApp - ok
16:43:29.0402 5252  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:43:29.0413 5252  crcdisk - ok
16:43:29.0449 5252  [ F02786B66375292E58C8777082D4396D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:43:29.0479 5252  CryptSvc - ok
16:43:29.0589 5252  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:43:29.0629 5252  cvhsvc - ok
16:43:29.0661 5252  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:43:29.0698 5252  DcomLaunch - ok
16:43:29.0704 5252  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:43:29.0739 5252  defragsvc - ok
16:43:29.0776 5252  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:43:29.0806 5252  DfsC - ok
16:43:29.0826 5252  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:43:29.0844 5252  Dhcp - ok
16:43:29.0847 5252  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:43:29.0881 5252  discache - ok
16:43:29.0885 5252  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:43:29.0895 5252  Disk - ok
16:43:29.0926 5252  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:43:29.0954 5252  Dnscache - ok
16:43:29.0992 5252  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
16:43:29.0997 5252  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
16:43:29.0997 5252  DockLoginService - detected UnsignedFile.Multi.Generic (1)
16:43:30.0011 5252  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
16:43:30.0051 5252  dot3svc - ok
16:43:30.0063 5252  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
16:43:30.0103 5252  DPS - ok
16:43:30.0116 5252  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:43:30.0129 5252  drmkaud - ok
16:43:30.0179 5252  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:43:30.0209 5252  DXGKrnl - ok
16:43:30.0218 5252  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:43:30.0253 5252  EapHost - ok
16:43:30.0315 5252  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:43:30.0402 5252  ebdrv - ok
16:43:30.0436 5252  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
16:43:30.0464 5252  EFS - ok
16:43:30.0499 5252  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:43:30.0524 5252  ehRecvr - ok
16:43:30.0543 5252  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:43:30.0557 5252  ehSched - ok
16:43:30.0598 5252  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:43:30.0611 5252  ElbyCDIO - ok
16:43:30.0628 5252  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:43:30.0650 5252  elxstor - ok
16:43:30.0722 5252  [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
16:43:30.0732 5252  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
16:43:30.0732 5252  EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
16:43:30.0748 5252  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
16:43:30.0758 5252  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
16:43:30.0758 5252  EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
16:43:30.0773 5252  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:43:30.0786 5252  ErrDev - ok
16:43:30.0801 5252  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:43:30.0840 5252  EventSystem - ok
16:43:30.0855 5252  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:43:30.0891 5252  exfat - ok
16:43:30.0896 5252  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:43:30.0928 5252  fastfat - ok
16:43:30.0948 5252  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
16:43:30.0972 5252  Fax - ok
16:43:30.0986 5252  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:43:30.0999 5252  fdc - ok
16:43:31.0009 5252  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:43:31.0043 5252  fdPHost - ok
16:43:31.0050 5252  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:43:31.0087 5252  FDResPub - ok
16:43:31.0097 5252  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:43:31.0109 5252  FileInfo - ok
16:43:31.0116 5252  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:43:31.0148 5252  Filetrace - ok
16:43:31.0157 5252  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:43:31.0168 5252  flpydisk - ok
16:43:31.0181 5252  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:43:31.0194 5252  FltMgr - ok
16:43:31.0215 5252  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
16:43:31.0247 5252  FontCache - ok
16:43:31.0263 5252  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:43:31.0271 5252  FontCache3.0.0.0 - ok
16:43:31.0280 5252  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:43:31.0290 5252  FsDepends - ok
16:43:31.0307 5252  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:43:31.0317 5252  Fs_Rec - ok
16:43:31.0354 5252  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:43:31.0370 5252  fvevol - ok
16:43:31.0382 5252  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:43:31.0394 5252  gagp30kx - ok
16:43:31.0413 5252  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
16:43:31.0438 5252  gpsvc - ok
16:43:31.0481 5252  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:31.0492 5252  gupdate - ok
16:43:31.0495 5252  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:31.0506 5252  gupdatem - ok
16:43:31.0522 5252  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:43:31.0535 5252  hcw85cir - ok
16:43:31.0561 5252  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:43:31.0578 5252  HDAudBus - ok
16:43:31.0599 5252  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:43:31.0609 5252  HECIx64 - ok
16:43:31.0612 5252  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:43:31.0626 5252  HidBatt - ok
16:43:31.0635 5252  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:43:31.0650 5252  HidBth - ok
16:43:31.0662 5252  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:43:31.0676 5252  HidIr - ok
16:43:31.0680 5252  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
16:43:31.0716 5252  hidserv - ok
16:43:31.0724 5252  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:43:31.0734 5252  HidUsb - ok
16:43:31.0747 5252  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:43:31.0780 5252  hkmsvc - ok
16:43:31.0796 5252  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:43:31.0816 5252  HomeGroupListener - ok
16:43:31.0828 5252  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:43:31.0843 5252  HomeGroupProvider - ok
16:43:31.0856 5252  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
16:43:31.0868 5252  HpSAMD - ok
16:43:31.0887 5252  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:43:31.0923 5252  HTCAND64 - ok
16:43:31.0957 5252  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
16:43:31.0975 5252  htcnprot - ok
16:43:32.0002 5252  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:43:32.0043 5252  HTTP - ok
16:43:32.0046 5252  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:43:32.0057 5252  hwpolicy - ok
16:43:32.0067 5252  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:43:32.0083 5252  i8042prt - ok
16:43:32.0117 5252  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:43:32.0134 5252  iaStorV - ok
16:43:32.0184 5252  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:43:32.0193 5252  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:43:32.0193 5252  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:43:32.0239 5252  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:43:32.0275 5252  idsvc - ok
16:43:32.0279 5252  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:43:32.0290 5252  iirsp - ok
16:43:32.0320 5252  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
16:43:32.0364 5252  IKEEXT - ok
16:43:32.0373 5252  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:43:32.0390 5252  Impcd - ok
16:43:32.0440 5252  [ E9BEFD8C6A1DB3B544B61647DDA35F62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:43:32.0506 5252  IntcAzAudAddService - ok
16:43:32.0532 5252  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:43:32.0555 5252  IntcDAud - ok
16:43:32.0564 5252  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:43:32.0574 5252  intelide - ok
16:43:32.0599 5252  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:43:32.0612 5252  intelppm - ok
16:43:32.0624 5252  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:43:32.0662 5252  IPBusEnum - ok
16:43:32.0671 5252  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:43:32.0708 5252  IpFilterDriver - ok
16:43:32.0755 5252  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:43:32.0805 5252  iphlpsvc - ok
16:43:32.0815 5252  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:43:32.0828 5252  IPMIDRV - ok
16:43:32.0841 5252  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:43:32.0874 5252  IPNAT - ok
16:43:32.0892 5252  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:43:32.0907 5252  IRENUM - ok
16:43:32.0919 5252  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
16:43:32.0929 5252  isapnp - ok
16:43:32.0942 5252  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:43:32.0956 5252  iScsiPrt - ok
16:43:32.0967 5252  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:43:32.0982 5252  k57nd60a - ok
16:43:33.0006 5252  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:43:33.0018 5252  kbdclass - ok
16:43:33.0033 5252  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:43:33.0047 5252  kbdhid - ok
16:43:33.0061 5252  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
16:43:33.0074 5252  KeyIso - ok
16:43:33.0086 5252  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:43:33.0100 5252  KSecDD - ok
16:43:33.0123 5252  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:43:33.0135 5252  KSecPkg - ok
16:43:33.0140 5252  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:43:33.0172 5252  ksthunk - ok
16:43:33.0196 5252  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:43:33.0231 5252  KtmRm - ok
16:43:33.0264 5252  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:43:33.0288 5252  LanmanServer - ok
16:43:33.0311 5252  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:43:33.0351 5252  LanmanWorkstation - ok
16:43:33.0376 5252  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:43:33.0414 5252  lltdio - ok
16:43:33.0432 5252  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:43:33.0471 5252  lltdsvc - ok
16:43:33.0481 5252  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:43:33.0516 5252  lmhosts - ok
16:43:33.0530 5252  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:43:33.0542 5252  LSI_FC - ok
16:43:33.0555 5252  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:43:33.0568 5252  LSI_SAS - ok
16:43:33.0582 5252  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:43:33.0595 5252  LSI_SAS2 - ok
16:43:33.0605 5252  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:43:33.0617 5252  LSI_SCSI - ok
16:43:33.0627 5252  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:43:33.0662 5252  luafv - ok
16:43:33.0692 5252  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:43:33.0703 5252  MBAMProtector - ok
16:43:33.0725 5252  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:43:33.0738 5252  MBAMScheduler - ok
16:43:33.0774 5252  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:43:33.0792 5252  MBAMService - ok
16:43:33.0812 5252  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:43:33.0826 5252  Mcx2Svc - ok
16:43:33.0836 5252  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:43:33.0848 5252  megasas - ok
16:43:33.0861 5252  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:43:33.0877 5252  MegaSR - ok
16:43:33.0886 5252  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:43:33.0921 5252  MMCSS - ok
16:43:33.0937 5252  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:43:33.0971 5252  Modem - ok
16:43:33.0983 5252  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:43:33.0997 5252  monitor - ok
16:43:34.0008 5252  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:43:34.0019 5252  mouclass - ok
16:43:34.0035 5252  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:43:34.0046 5252  mouhid - ok
16:43:34.0060 5252  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:43:34.0071 5252  mountmgr - ok
16:43:34.0106 5252  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:43:34.0121 5252  MozillaMaintenance - ok
16:43:34.0133 5252  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
16:43:34.0148 5252  mpio - ok
16:43:34.0160 5252  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:43:34.0193 5252  mpsdrv - ok
16:43:34.0222 5252  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:43:34.0263 5252  MpsSvc - ok
16:43:34.0274 5252  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:43:34.0291 5252  MRxDAV - ok
16:43:34.0327 5252  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:43:34.0362 5252  mrxsmb - ok
16:43:34.0396 5252  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:43:34.0420 5252  mrxsmb10 - ok
16:43:34.0431 5252  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:43:34.0445 5252  mrxsmb20 - ok
16:43:34.0450 5252  [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
16:43:34.0461 5252  msahci - ok
16:43:34.0469 5252  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
16:43:34.0482 5252  msdsm - ok
16:43:34.0490 5252  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:43:34.0506 5252  MSDTC - ok
16:43:34.0527 5252  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:43:34.0562 5252  Msfs - ok
16:43:34.0575 5252  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:43:34.0610 5252  mshidkmdf - ok
16:43:34.0619 5252  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
16:43:34.0629 5252  msisadrv - ok
16:43:34.0654 5252  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:43:34.0694 5252  MSiSCSI - ok
16:43:34.0698 5252  msiserver - ok
16:43:34.0722 5252  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:43:34.0755 5252  MSKSSRV - ok
16:43:34.0767 5252  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:34.0800 5252  MSPCLOCK - ok
16:43:34.0804 5252  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:43:34.0837 5252  MSPQM - ok
16:43:34.0855 5252  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:43:34.0868 5252  MsRPC - ok
16:43:34.0882 5252  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:43:34.0891 5252  mssmbios - ok
16:43:34.0974 5252  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:43:35.0035 5252  MSTEE - ok
16:43:35.0041 5252  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:43:35.0052 5252  MTConfig - ok
16:43:35.0134 5252  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:43:35.0145 5252  Mup - ok
16:43:35.0201 5252  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
16:43:35.0257 5252  napagent - ok
16:43:35.0276 5252  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:43:35.0295 5252  NativeWifiP - ok
16:43:35.0324 5252  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:43:35.0349 5252  NDIS - ok
16:43:35.0357 5252  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:43:35.0390 5252  NdisCap - ok
16:43:35.0404 5252  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:35.0438 5252  NdisTapi - ok
16:43:35.0457 5252  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:35.0491 5252  Ndisuio - ok
16:43:35.0516 5252  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:35.0551 5252  NdisWan - ok
16:43:35.0567 5252  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:43:35.0600 5252  NDProxy - ok
16:43:35.0614 5252  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:43:35.0647 5252  NetBIOS - ok
16:43:35.0661 5252  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:43:35.0696 5252  NetBT - ok
16:43:35.0700 5252  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
16:43:35.0713 5252  Netlogon - ok
16:43:35.0738 5252  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:43:35.0775 5252  Netman - ok
16:43:35.0791 5252  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:43:35.0830 5252  netprofm - ok
16:43:35.0856 5252  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:35.0867 5252  NetTcpPortSharing - ok
16:43:35.0870 5252  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:43:35.0882 5252  nfrd960 - ok
16:43:35.0895 5252  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:43:35.0932 5252  NlaSvc - ok
16:43:35.0942 5252  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:43:35.0974 5252  Npfs - ok
16:43:35.0978 5252  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:43:36.0011 5252  nsi - ok
16:43:36.0017 5252  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:43:36.0050 5252  nsiproxy - ok
16:43:36.0108 5252  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:43:36.0144 5252  Ntfs - ok
16:43:36.0147 5252  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:43:36.0178 5252  Null - ok
16:43:36.0188 5252  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:43:36.0200 5252  nvraid - ok
16:43:36.0230 5252  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:43:36.0257 5252  nvstor - ok
16:43:36.0270 5252  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
16:43:36.0282 5252  nv_agp - ok
16:43:36.0289 5252  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:43:36.0302 5252  ohci1394 - ok
16:43:36.0338 5252  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:36.0350 5252  ose - ok
16:43:36.0444 5252  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:43:36.0579 5252  osppsvc - ok
16:43:36.0594 5252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:43:36.0608 5252  p2pimsvc - ok
16:43:36.0622 5252  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:43:36.0638 5252  p2psvc - ok
16:43:36.0648 5252  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:43:36.0663 5252  Parport - ok
16:43:36.0695 5252  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:43:36.0706 5252  partmgr - ok
16:43:36.0748 5252  [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
16:43:36.0754 5252  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
16:43:36.0754 5252  PassThru Service - detected UnsignedFile.Multi.Generic (1)
16:43:36.0767 5252  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:43:36.0785 5252  PcaSvc - ok
16:43:36.0796 5252  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
16:43:36.0808 5252  pci - ok
16:43:36.0823 5252  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
16:43:36.0833 5252  pciide - ok
16:43:36.0841 5252  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:43:36.0855 5252  pcmcia - ok
16:43:36.0863 5252  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:43:36.0873 5252  pcw - ok
16:43:36.0893 5252  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:43:36.0932 5252  PEAUTH - ok
16:43:36.0973 5252  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:43:36.0991 5252  PerfHost - ok
16:43:37.0027 5252  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
16:43:37.0075 5252  pla - ok
16:43:37.0116 5252  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:43:37.0147 5252  PlugPlay - ok
16:43:37.0158 5252  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:43:37.0172 5252  PNRPAutoReg - ok
16:43:37.0185 5252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:43:37.0198 5252  PNRPsvc - ok
16:43:37.0222 5252  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:43:37.0258 5252  PolicyAgent - ok
16:43:37.0277 5252  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:43:37.0314 5252  Power - ok
16:43:37.0401 5252  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:43:37.0446 5252  PptpMiniport - ok
16:43:37.0465 5252  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:43:37.0478 5252  Processor - ok
16:43:37.0534 5252  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
16:43:37.0573 5252  ProfSvc - ok
16:43:37.0576 5252  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:43:37.0590 5252  ProtectedStorage - ok
16:43:37.0595 5252  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:43:37.0629 5252  Psched - ok
16:43:37.0654 5252  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:43:37.0664 5252  PxHlpa64 - ok
16:43:37.0694 5252  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:43:37.0742 5252  ql2300 - ok
16:43:37.0754 5252  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:43:37.0767 5252  ql40xx - ok
16:43:37.0774 5252  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:43:37.0791 5252  QWAVE - ok
16:43:37.0794 5252  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:43:37.0809 5252  QWAVEdrv - ok
16:43:37.0819 5252  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:43:37.0853 5252  RasAcd - ok
16:43:37.0868 5252  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:43:37.0901 5252  RasAgileVpn - ok
16:43:37.0910 5252  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:43:37.0944 5252  RasAuto - ok
16:43:37.0955 5252  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:37.0988 5252  Rasl2tp - ok
16:43:37.0997 5252  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
16:43:38.0038 5252  RasMan - ok
16:43:38.0046 5252  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:43:38.0079 5252  RasPppoe - ok
16:43:38.0098 5252  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:43:38.0136 5252  RasSstp - ok
16:43:38.0155 5252  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:43:38.0198 5252  rdbss - ok
16:43:38.0203 5252  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:43:38.0216 5252  rdpbus - ok
16:43:38.0222 5252  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:38.0253 5252  RDPCDD - ok
16:43:38.0271 5252  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:43:38.0303 5252  RDPENCDD - ok
16:43:38.0308 5252  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:43:38.0341 5252  RDPREFMP - ok
16:43:38.0374 5252  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:43:38.0415 5252  RDPWD - ok
16:43:38.0429 5252  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:43:38.0442 5252  rdyboost - ok
16:43:38.0461 5252  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:43:38.0496 5252  RemoteAccess - ok
16:43:38.0504 5252  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:43:38.0540 5252  RemoteRegistry - ok
16:43:38.0552 5252  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:43:38.0586 5252  RpcEptMapper - ok
16:43:38.0600 5252  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:43:38.0613 5252  RpcLocator - ok
16:43:38.0626 5252  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
16:43:38.0666 5252  RpcSs - ok
16:43:38.0673 5252  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:43:38.0708 5252  rspndr - ok
16:43:38.0735 5252  [ 9269EF78A780A3161087DF1BEC117DC8 ] RTL85n64        C:\Windows\system32\DRIVERS\RTL85n64.sys
16:43:38.0753 5252  RTL85n64 - ok
16:43:38.0756 5252  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
16:43:38.0770 5252  SamSs - ok
16:43:38.0783 5252  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
16:43:38.0796 5252  sbp2port - ok
16:43:38.0810 5252  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:43:38.0845 5252  SCardSvr - ok
16:43:38.0853 5252  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:43:38.0884 5252  scfilter - ok
16:43:38.0926 5252  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
16:43:38.0963 5252  Schedule - ok
16:43:38.0992 5252  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:43:39.0025 5252  SCPolicySvc - ok
16:43:39.0041 5252  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:43:39.0068 5252  SDRSVC - ok
16:43:39.0071 5252  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:43:39.0104 5252  secdrv - ok
16:43:39.0116 5252  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
16:43:39.0153 5252  seclogon - ok
16:43:39.0159 5252  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
16:43:39.0199 5252  SENS - ok
16:43:39.0207 5252  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:43:39.0231 5252  SensrSvc - ok
16:43:39.0239 5252  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:43:39.0250 5252  Serenum - ok
16:43:39.0263 5252  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:43:39.0277 5252  Serial - ok
16:43:39.0290 5252  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:43:39.0303 5252  sermouse - ok
16:43:39.0315 5252  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
16:43:39.0352 5252  SessionEnv - ok
16:43:39.0366 5252  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
16:43:39.0389 5252  sffdisk - ok
16:43:39.0405 5252  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:43:39.0417 5252  sffp_mmc - ok
16:43:39.0427 5252  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
16:43:39.0440 5252  sffp_sd - ok
16:43:39.0450 5252  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:43:39.0465 5252  sfloppy - ok
16:43:39.0539 5252  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
16:43:39.0570 5252  Sftfs - ok
16:43:39.0621 5252  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:43:39.0650 5252  sftlist - ok
16:43:39.0665 5252  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:43:39.0679 5252  Sftplay - ok
16:43:39.0693 5252  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:43:39.0703 5252  Sftredir - ok
16:43:39.0762 5252  [ CF53DCCE55E500F51089774E851E7363 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:43:39.0781 5252  SftService - ok
16:43:39.0785 5252  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
16:43:39.0794 5252  Sftvol - ok
16:43:39.0808 5252  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:43:39.0820 5252  sftvsa - ok
16:43:39.0849 5252  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:43:39.0890 5252  SharedAccess - ok
16:43:39.0903 5252  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:43:39.0925 5252  ShellHWDetection - ok
16:43:39.0935 5252  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:43:39.0945 5252  SiSRaid2 - ok
16:43:39.0956 5252  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:43:39.0968 5252  SiSRaid4 - ok
16:43:40.0008 5252  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:43:40.0030 5252  SkypeUpdate - ok
16:43:40.0045 5252  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:43:40.0080 5252  Smb - ok
16:43:40.0112 5252  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:43:40.0126 5252  SNMPTRAP - ok
16:43:40.0140 5252  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:43:40.0151 5252  spldr - ok
16:43:40.0190 5252  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
16:43:40.0210 5252  Spooler - ok
16:43:40.0263 5252  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:43:40.0307 5252  sppsvc - ok
16:43:40.0317 5252  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:43:40.0353 5252  sppuinotify - ok
16:43:40.0381 5252  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:43:40.0392 5252  sprtsvc_DellSupportCenter - ok
16:43:40.0433 5252  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:43:40.0465 5252  srv - ok
16:43:40.0484 5252  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:43:40.0499 5252  srv2 - ok
16:43:40.0532 5252  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:43:40.0545 5252  srvnet - ok
16:43:40.0566 5252  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:43:40.0605 5252  SSDPSRV - ok
16:43:40.0616 5252  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:43:40.0653 5252  SstpSvc - ok
16:43:40.0667 5252  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:43:40.0678 5252  stexstor - ok
16:43:40.0716 5252  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
16:43:40.0738 5252  stisvc - ok
16:43:40.0743 5252  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:43:40.0755 5252  swenum - ok
16:43:40.0808 5252  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:43:40.0850 5252  swprv - ok
16:43:40.0891 5252  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
16:43:40.0923 5252  SysMain - ok
16:43:40.0935 5252  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:43:40.0952 5252  TabletInputService - ok
16:43:40.0966 5252  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:43:41.0009 5252  TapiSrv - ok
16:43:41.0023 5252  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:43:41.0061 5252  TBS - ok
16:43:41.0116 5252  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:43:41.0158 5252  Tcpip - ok
16:43:41.0192 5252  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:43:41.0231 5252  TCPIP6 - ok
16:43:41.0244 5252  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:43:41.0278 5252  tcpipreg - ok
16:43:41.0286 5252  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:43:41.0309 5252  TDPIPE - ok
16:43:41.0322 5252  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:43:41.0335 5252  TDTCP - ok
16:43:41.0354 5252  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:43:41.0392 5252  tdx - ok
16:43:41.0506 5252  [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:43:41.0546 5252  TeamViewer6 - ok
16:43:41.0560 5252  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:43:41.0571 5252  TermDD - ok
16:43:41.0591 5252  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
16:43:41.0637 5252  TermService - ok
16:43:41.0644 5252  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:43:41.0663 5252  Themes - ok
16:43:41.0666 5252  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:43:41.0701 5252  THREADORDER - ok
16:43:41.0720 5252  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:43:41.0753 5252  TrkWks - ok
16:43:41.0783 5252  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:43:41.0796 5252  TrustedInstaller - ok
16:43:41.0826 5252  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:43:41.0859 5252  tssecsrv - ok
16:43:41.0875 5252  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:43:41.0909 5252  tunnel - ok
16:43:41.0912 5252  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:43:41.0923 5252  uagp35 - ok
16:43:44.0596 5252  ================ Scan global ===============================
16:43:44.0616 5252  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:43:44.0648 5252  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:43:44.0656 5252  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:43:44.0681 5252  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:43:44.0721 5252  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:43:44.0729 5252  [Global] - ok
16:43:44.0730 5252  ================ Scan MBR ==================================
16:43:44.0749 5252  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:43:45.0014 5252  \Device\Harddisk0\DR0 - ok
16:43:45.0014 5252  ================ Scan VBR ==================================
16:43:45.0017 5252  [ BEA00DCBF8006F3636FAED8AE734EC9C ] \Device\Harddisk0\DR0\Partition1
16:43:45.0020 5252  \Device\Harddisk0\DR0\Partition1 - ok
16:43:45.0052 5252  [ C5607FC1FF18FD489ABB42F0AB937B58 ] \Device\Harddisk0\DR0\Partition2
16:43:45.0054 5252  \Device\Harddisk0\DR0\Partition2 - ok
16:43:45.0055 5252  ============================================================
16:43:45.0056 5252  Scan finished
16:43:45.0056 5252  ============================================================
16:43:45.0065 0940  Detected object count: 5
16:43:45.0065 0940  Actual detected object count: 5
16:43:48.0223 0940  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
16:43:48.0223 0940  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:43:48.0224 0940  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:43:48.0224 0940  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:43:48.0226 0940  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:43:48.0226 0940  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:43:48.0227 0940  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:43:48.0227 0940  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:43:48.0228 0940  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:43:48.0228 0940  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 09.09.2013, 17:10   #6
DerJazzer
/// Malwareteam
 

Are the Avast! messages still being displayed?

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any notices that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 3

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)



Please post in your next reply
  • adwCleaner log
  • JRT.txt
  • FRST.txt & Addition.txt

Alt 10.09.2013, 18:29   #7
Eselzüchter
 

Well, it showed me that Avast! was still running even though I had deactivated it. You did say that this can well happen, so I just let it run...=o

I've now attached 3 logs for you, and I'll just post the last one here:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Steffen (administrator) on STEFFEN-PC on 10-09-2013 19:17:37
Running from C:\Users\Steffen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Dropbox, Inc.) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [cmgpon] - rundll32.exe "C:\Users\Steffen\AppData\Roaming\cmgpon.dll",ADeviceStopPlay <===== ATTENTION
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1262328 2013-03-27] (Bogdan Sharkov)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-03-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {9E4A70D2-5A2D-49DB-B6E6-8F6888291E60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3C7C971C-2BFD-4FAF-9008-28BC1A3E2755} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {A51A36E6-31E7-4838-9FF7-76298B527EC0} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\searchplugins\amazon-distro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: abb - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\Extensions\abb@amazon.com.xpi
FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 19:17 - 2013-09-10 19:17 - 00000000 ____D C:\FRST
2013-09-10 18:39 - 2013-09-10 18:39 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 18:37 - 2013-09-10 18:37 - 01029490 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe
2013-09-10 18:35 - 2013-09-10 18:35 - 00034904 _____ C:\Users\Steffen\Desktop\AdwCleaner[S0].txt
2013-09-10 18:19 - 2013-09-10 18:31 - 00000000 ____D C:\AdwCleaner
2013-09-10 18:19 - 2013-09-10 18:19 - 01037278 _____ C:\Users\Steffen\Desktop\adwcleaner.exe
2013-09-10 17:15 - 2013-09-10 17:15 - 00001427 _____ C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 00:23 - 2013-09-10 00:23 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-10 00:22 - 2013-09-10 00:22 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:19 - 2013-09-10 00:28 - 00011789 _____ C:\Windows\IE10_main.log
2013-09-09 23:00 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-09 23:00 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-09 23:00 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-09 22:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 22:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-09 22:59 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 22:59 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-09 22:59 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 22:59 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 22:59 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-09 22:59 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-09 22:59 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-09 22:59 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-09 22:59 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-09 22:59 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-09 22:59 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-09 22:59 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-09 22:59 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-09 22:59 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-09 22:59 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-09 22:59 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-09 22:59 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-09 22:59 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-09 22:59 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-09-09 22:59 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-09-09 22:59 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-09 22:59 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-09 22:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 22:58 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-09 22:58 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-09 22:58 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-09-09 22:58 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-09 22:58 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-09 22:58 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-09 22:57 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 22:57 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 22:57 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-09 22:57 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-09 22:57 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-09 22:57 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-09-09 22:57 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-09 22:57 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-09-09 22:57 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-09 22:57 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-09-09 22:57 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-09 22:56 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-09-09 22:56 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-08 23:55 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-08 23:55 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-08 23:55 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-08 23:55 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-08 23:43 - 2013-09-08 23:43 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-08 23:42 - 2013-09-08 23:42 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-08 23:40 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-08 23:40 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-08 23:40 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-08 23:40 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-08 23:40 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-08 23:40 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-08 23:40 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-08 23:40 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-08 23:37 - 2013-09-08 23:37 - 00266464 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-08 16:30 - 2013-09-08 16:30 - 00025564 _____ C:\ComboFix.txt
2013-09-08 15:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-08 15:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-08 15:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-08 15:39 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-08 15:39 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-08 15:39 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-08 15:39 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-08 15:39 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-08 15:39 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-08 15:38 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-08 15:38 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-09-08 15:38 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-08 15:38 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-08 15:38 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-08 15:38 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-08 15:38 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-08 15:38 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-08 15:38 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-09-08 15:38 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-08 15:38 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-08 15:38 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-08 15:38 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-08 15:38 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-08 15:38 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-08 15:38 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-09-08 15:38 - 2010-11-20 14:58 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-09-08 15:38 - 2010-11-20 13:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-09-08 15:37 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-08 15:37 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-08 15:37 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-08 15:37 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-08 15:37 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-08 15:37 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-09-08 15:37 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-09-08 15:37 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-09-08 15:37 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-08 15:37 - 2012-11-30 07:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-08 15:37 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-08 15:37 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-08 15:37 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-08 15:37 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-08 15:37 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-08 15:37 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-08 15:37 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-09-08 15:37 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-08 15:37 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-08 15:37 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-09-08 15:37 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-08 15:37 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-08 15:37 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-08 15:36 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-08 15:36 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-08 15:36 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-08 15:36 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-08 15:36 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-08 15:36 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-08 15:36 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-08 15:36 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-08 15:36 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-09-08 15:36 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-09-08 15:36 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-09-08 15:36 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-09-08 15:36 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-09-08 15:36 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-09-08 15:36 - 2010-11-20 15:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-09-08 15:35 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-08 15:35 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-08 15:35 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-08 15:35 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-08 15:35 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-09-08 15:35 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-09-08 15:20 - 2013-09-10 18:33 - 00003348 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-08 15:20 - 2013-09-10 18:33 - 00003218 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-08 14:23 - 2013-09-08 16:30 - 00000000 ____D C:\Qoobox
2013-09-08 14:23 - 2013-09-08 16:28 - 00000000 ____D C:\Windows\erdnt
2013-09-08 14:22 - 2013-09-08 14:22 - 05120615 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe
2013-09-08 13:35 - 2013-09-08 13:35 - 00000052 _____ C:\Users\Steffen\AppData\Roaming\WB.CFG
2013-09-08 13:35 - 2013-09-08 13:35 - 00000005 _____ C:\Users\Steffen\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 12:59 - 2013-09-08 12:59 - 00002044 _____ C:\Users\Steffen\Desktop\aswMBR.txt
2013-09-08 12:59 - 2013-09-08 12:59 - 00000512 _____ C:\Users\Steffen\Desktop\MBR.dat
2013-09-08 12:51 - 2013-09-08 12:51 - 04745728 _____ (AVAST Software) C:\Users\Steffen\Desktop\aswMBR.exe
2013-09-08 12:45 - 2013-09-08 12:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Desktop\tdsskiller.exe
2013-09-08 12:42 - 2013-09-08 12:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\avgchrome
2013-09-08 12:35 - 2013-09-08 12:35 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-08 12:33 - 2013-09-08 12:33 - 00714576 _____ C:\Users\Steffen\Downloads\ImageEditorSetup.exe
2013-09-08 11:09 - 2013-09-08 11:09 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2013-09-08 10:09 - 2013-09-08 10:09 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 10:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-08 10:08 - 2013-09-08 10:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Steffen\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 15:48 - 2013-09-07 15:48 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 15:46 - 2013-09-10 18:56 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 15:46 - 2013-09-10 18:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 15:46 - 2013-09-10 18:33 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 15:46 - 2013-09-07 15:51 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 15:46 - 2013-09-07 15:51 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 15:46 - 2013-09-07 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 15:46 - 2013-09-07 15:46 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 15:46 - 2013-09-07 15:46 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 15:46 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-07 15:46 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-07 15:45 - 2013-09-07 15:45 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 15:45 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-07 15:44 - 2013-09-07 15:45 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 15:43 - 2013-09-07 15:44 - 131918888 _____ C:\Users\Steffen\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 22:45 - 2013-09-05 22:46 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Origin
2013-09-05 22:45 - 2013-09-05 22:46 - 00000000 ____D C:\Users\Steffen\AppData\Local\Origin
2013-09-05 22:32 - 2013-09-05 23:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-05 22:32 - 2013-09-05 22:45 - 00000000 ____D C:\ProgramData\Origin
2013-09-05 22:32 - 2013-09-05 22:32 - 00000945 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-05 22:29 - 2013-09-05 22:30 - 16949160 _____ (Electronic Arts, Inc.) C:\Users\Steffen\Downloads\OriginThinSetup.exe
2013-09-04 23:23 - 2013-09-10 18:33 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job
2013-09-04 23:23 - 2013-09-08 11:10 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Steffen.job
2013-09-04 23:23 - 2013-09-08 10:21 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00002684 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Steffen
2013-09-04 23:22 - 2013-09-08 10:21 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Steffen
2013-09-04 23:22 - 2013-09-08 10:21 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Steffen.job
2013-08-30 14:41 - 2013-09-02 22:07 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\TS3Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00001223 _____ C:\Users\Steffen\Desktop\TeamSpeak 3 Client.lnk
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Local\TeamSpeak 3 Client
2013-08-30 14:39 - 2013-08-30 14:39 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Steffen\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-08-22 16:52 - 2013-09-07 15:42 - 00000000 ____D C:\ProgramData\Avira
2013-08-22 16:50 - 2013-08-22 16:51 - 110344048 _____ C:\Users\Steffen\Downloads\avira_free4045_antivirus_de.exe
2013-08-18 16:27 - 2013-09-08 14:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-10 19:17 - 2013-09-10 19:17 - 01949196 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe
2013-09-10 19:17 - 2013-09-10 19:17 - 00000000 ____D C:\FRST
2013-09-10 18:56 - 2013-09-07 15:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 18:41 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 18:41 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 18:39 - 2013-09-10 18:39 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 18:39 - 2009-07-14 19:58 - 00665070 _____ C:\Windows\system32\perfh007.dat
2013-09-10 18:39 - 2009-07-14 19:58 - 00134980 _____ C:\Windows\system32\perfc007.dat
2013-09-10 18:39 - 2009-07-14 07:13 - 01529292 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 18:37 - 2013-09-10 18:37 - 01029490 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe
2013-09-10 18:37 - 2009-07-14 07:10 - 01184281 _____ C:\Windows\WindowsUpdate.log
2013-09-10 18:35 - 2013-09-10 18:35 - 00034904 _____ C:\Users\Steffen\Desktop\AdwCleaner[S0].txt
2013-09-10 18:35 - 2013-09-07 15:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-10 18:35 - 2012-06-26 23:11 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Dropbox
2013-09-10 18:34 - 2012-12-04 20:32 - 00000000 ___RD C:\Users\Steffen\Dropbox
2013-09-10 18:34 - 2011-01-08 22:52 - 00000000 ____D C:\Users\Steffen\AppData\Local\SoftThinks
2013-09-10 18:34 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-10 18:33 - 2013-09-08 15:20 - 00003348 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-10 18:33 - 2013-09-08 15:20 - 00003218 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-10 18:33 - 2013-09-07 15:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 18:33 - 2013-09-04 23:23 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job
2013-09-10 18:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 18:32 - 2009-07-14 06:51 - 00076022 _____ C:\Windows\setupact.log
2013-09-10 18:31 - 2013-09-10 18:19 - 00000000 ____D C:\AdwCleaner
2013-09-10 18:29 - 2013-03-07 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 18:28 - 2011-02-23 22:36 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Skype
2013-09-10 18:19 - 2013-09-10 18:19 - 01037278 _____ C:\Users\Steffen\Desktop\adwcleaner.exe
2013-09-10 17:16 - 2011-01-08 22:56 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-10 17:16 - 2011-01-08 22:52 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 17:15 - 2013-09-10 17:15 - 00001427 _____ C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 16:44 - 2009-07-14 06:45 - 00297248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 16:38 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-10 16:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-10 16:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-10 00:28 - 2013-09-10 00:19 - 00011789 _____ C:\Windows\IE10_main.log
2013-09-10 00:23 - 2013-09-10 00:23 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-10 00:22 - 2013-09-10 00:22 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-09 22:40 - 2011-01-08 22:52 - 00065168 _____ C:\Users\Steffen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-09 22:38 - 2010-09-17 10:04 - 00195518 _____ C:\Windows\PFRO.log
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sppui
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\manifeststore
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-09 22:26 - 2009-07-14 04:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2013-09-09 22:26 - 2009-07-14 04:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-09-08 23:43 - 2013-09-08 23:43 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-08 23:42 - 2013-09-08 23:42 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-08 23:39 - 2010-09-17 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-08 23:39 - 2010-09-17 10:27 - 00000000 ____D C:\ProgramData\Skype
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-08 23:37 - 2013-09-08 23:37 - 00266464 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-08 16:30 - 2013-09-08 16:30 - 00025564 _____ C:\ComboFix.txt
2013-09-08 16:30 - 2013-09-08 14:23 - 00000000 ____D C:\Qoobox
2013-09-08 16:30 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-08 16:28 - 2013-09-08 14:23 - 00000000 ____D C:\Windows\erdnt
2013-09-08 16:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-08 16:08 - 2011-01-08 22:52 - 00000000 ____D C:\Users\Steffen
2013-09-08 15:19 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 14:35 - 2013-08-18 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-08 14:22 - 2013-09-08 14:22 - 05120615 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe
2013-09-08 13:35 - 2013-09-08 13:35 - 00000052 _____ C:\Users\Steffen\AppData\Roaming\WB.CFG
2013-09-08 13:35 - 2013-09-08 13:35 - 00000005 _____ C:\Users\Steffen\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 12:59 - 2013-09-08 12:59 - 00002044 _____ C:\Users\Steffen\Desktop\aswMBR.txt
2013-09-08 12:59 - 2013-09-08 12:59 - 00000512 _____ C:\Users\Steffen\Desktop\MBR.dat
2013-09-08 12:51 - 2013-09-08 12:51 - 04745728 _____ (AVAST Software) C:\Users\Steffen\Desktop\aswMBR.exe
2013-09-08 12:45 - 2013-09-08 12:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Desktop\tdsskiller.exe
2013-09-08 12:42 - 2013-09-08 12:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\avgchrome
2013-09-08 12:37 - 2010-09-17 10:12 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-09-08 12:35 - 2013-09-08 12:35 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-08 12:33 - 2013-09-08 12:33 - 00714576 _____ C:\Users\Steffen\Downloads\ImageEditorSetup.exe
2013-09-08 11:10 - 2013-09-04 23:23 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Steffen.job
2013-09-08 11:09 - 2013-09-08 11:09 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2013-09-08 10:21 - 2013-09-04 23:23 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Steffen
2013-09-08 10:21 - 2013-09-04 23:22 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Steffen
2013-09-08 10:21 - 2013-09-04 23:22 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Steffen.job
2013-09-08 10:09 - 2013-09-08 10:09 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 10:08 - 2013-09-08 10:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Steffen\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-08 08:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-09-07 15:51 - 2013-09-07 15:46 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 15:51 - 2013-09-07 15:46 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 15:49 - 2011-02-23 22:37 - 00000000 ____D C:\Users\Steffen\AppData\Local\Google
2013-09-07 15:48 - 2013-09-07 15:48 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 15:48 - 2013-09-07 15:46 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 15:46 - 2013-09-07 15:46 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 15:46 - 2013-09-07 15:46 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 15:45 - 2013-09-07 15:45 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 15:45 - 2013-09-07 15:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 15:44 - 2013-09-07 15:43 - 131918888 _____ C:\Users\Steffen\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-07 15:42 - 2013-08-22 16:52 - 00000000 ____D C:\ProgramData\Avira
2013-09-05 23:25 - 2013-09-05 22:32 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-05 22:46 - 2013-09-05 22:45 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Origin
2013-09-05 22:46 - 2013-09-05 22:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\Origin
2013-09-05 22:45 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Origin
2013-09-05 22:32 - 2013-09-05 22:32 - 00000945 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-05 22:30 - 2013-09-05 22:29 - 16949160 _____ (Electronic Arts, Inc.) C:\Users\Steffen\Downloads\OriginThinSetup.exe
2013-09-04 23:23 - 2013-09-04 23:23 - 00003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00002684 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Steffen
2013-09-02 22:07 - 2013-08-30 14:41 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\TS3Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00001223 _____ C:\Users\Steffen\Desktop\TeamSpeak 3 Client.lnk
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Local\TeamSpeak 3 Client
2013-08-30 14:39 - 2013-08-30 14:39 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Steffen\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-08-30 13:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-30 09:48 - 2013-09-07 15:46 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-07 15:46 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-07 15:45 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-28 12:57 - 2012-06-08 01:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 17:26 - 2012-08-29 18:48 - 00000024 _____ C:\Users\Steffen\random.dat
2013-08-23 17:04 - 2011-10-25 16:38 - 00000032 _____ C:\Users\Steffen\jagex_cl_runescape_LIVE.dat
2013-08-22 16:51 - 2013-08-22 16:50 - 110344048 _____ C:\Users\Steffen\Downloads\avira_free4045_antivirus_de.exe
2013-08-22 16:15 - 2013-03-07 20:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 16:14 - 2013-03-07 20:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 16:14 - 2011-12-07 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\@

Files to move or delete:
====================
C:\ProgramData\4r3wi8.dat
C:\Users\Steffen\cache.dat
C:\Users\Steffen\jagex_cl_oldschool_LIVE.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE1.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Steffen\jagex_runescape_preferences.dat
C:\Users\Steffen\jagex_runescape_preferences2.dat
C:\Users\Steffen\random.dat
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 13:47

==================== End Of Log ============================
         


So, I hope it's not too confusing; thanks in advance

Alt 10.09.2013, 18:36   #8
DerJazzer
/// Malwareteam
 

Quote:
Avast now keeps popping up constantly and shows me the same thing again: Services.exe and System32... besides, the message "Malicious website blocked" keeps appearing.
I meant this message. Does Avast! still show this message?
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Alt 10.09.2013, 18:43   #9
DerJazzer
/// Malwareteam
 

Please do not attach any logs unless I ask for them; it makes the analysis considerably harder for me.

Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 11.09.2013, 15:19   #10
Eselzüchter
 

With the programs I have run so far (as you described: adwcleaner, etc.), no - the message did not come up again.

So, I have now tried 3 times to open mbar; unfortunately a bluescreen every time :/

So the message about a blocked website no longer appears, and Avast! no longer shows any message about viruses either.
Before that, Avast! popped up every 5 seconds because it had either found a virus (System32/services.exe) or blocked a "Malicious website". Now neither of those happens anymore...

Alt 11.09.2013, 15:43   #11
DerJazzer
/// Malwareteam
 

OK, then we'll continue like this:

Step 1

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Step 4

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

Please post in your next reply
  • Malwarebytes log
  • ESET log
  • checkup.txt
  • FRST.txt & Addition.txt

Alt 11.09.2013, 19:39   #12
Eselzüchter
 

And here they are already:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Steffen :: STEFFEN-PC [Administrator]

Schutz: Aktiviert

11.09.2013 17:51:47
mbam-log-2013-09-11 (17-51-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229169
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Steffen\Downloads\ImageEditorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=adbb7cc5962b0c4d83777a2fb9b84898
# engine=15091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 05:49:23
# local_time=2013-09-11 07:49:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 360184 155631635 0 0
# compatibility_mode=5893 16776574 100 94 97837 130551613 0 0
# scanned=301328
# found=0
# cleaned=0
# scan_time=5827
         
Code:
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java(TM) 6 Update 31  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (23.0.1) 
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Steffen (administrator) on STEFFEN-PC on 11-09-2013 20:34:48
Running from C:\Users\Steffen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Dropbox, Inc.) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [cmgpon] - rundll32.exe "C:\Users\Steffen\AppData\Roaming\cmgpon.dll",ADeviceStopPlay <===== ATTENTION
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1262328 2013-03-27] (Bogdan Sharkov)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-03-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {9E4A70D2-5A2D-49DB-B6E6-8F6888291E60} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3C7C971C-2BFD-4FAF-9008-28BC1A3E2755} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {A51A36E6-31E7-4838-9FF7-76298B527EC0} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\searchplugins\amazon-distro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: abb - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\Extensions\abb@amazon.com.xpi
FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\0lngqlop.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-09-10] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-09-10] (MalwareBytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 20:26 - 2013-09-11 20:26 - 00891144 _____ C:\Users\Steffen\Desktop\SecurityCheck.exe
2013-09-11 18:10 - 2013-09-11 18:10 - 02347384 _____ (ESET) C:\Users\Steffen\Desktop\esetsmartinstaller_enu.exe
2013-09-11 18:01 - 2013-09-11 20:31 - 00003348 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-11 16:29 - 2013-09-11 16:29 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-10 20:36 - 2013-09-10 20:36 - 00274992 _____ C:\Windows\Minidump\091013-25521-01.dmp
2013-09-10 20:20 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 20:20 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 20:20 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 20:20 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 20:20 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 20:20 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 20:20 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 20:20 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 20:20 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 20:20 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 20:20 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 20:09 - 2013-09-11 20:31 - 00003218 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-10 20:08 - 2013-09-10 20:08 - 00274992 _____ C:\Windows\Minidump\091013-24258-01.dmp
2013-09-10 20:03 - 2013-09-10 20:04 - 00274992 _____ C:\Windows\Minidump\091013-24741-01.dmp
2013-09-10 19:57 - 2013-09-10 19:57 - 00274992 _____ C:\Windows\Minidump\091013-24492-01.dmp
2013-09-10 19:51 - 2013-09-10 19:51 - 00274992 _____ C:\Windows\Minidump\091013-24133-01.dmp
2013-09-10 19:49 - 2013-09-10 19:49 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-10 19:49 - 2013-09-10 19:49 - 00000000 ____D C:\Users\Steffen\Desktop\mbar
2013-09-10 19:48 - 2013-09-10 19:48 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Steffen\Desktop\mbar-1.07.0.1005.exe
2013-09-10 19:19 - 2013-09-10 19:19 - 00023131 _____ C:\Users\Steffen\Desktop\Addition.txt
2013-09-10 19:17 - 2013-09-10 19:17 - 00000000 ____D C:\FRST
2013-09-10 18:39 - 2013-09-10 18:39 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 18:37 - 2013-09-10 18:37 - 01029490 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe
2013-09-10 18:35 - 2013-09-10 18:35 - 00034904 _____ C:\Users\Steffen\Desktop\AdwCleaner[S0].txt
2013-09-10 18:19 - 2013-09-10 18:31 - 00000000 ____D C:\AdwCleaner
2013-09-10 18:19 - 2013-09-10 18:19 - 01037278 _____ C:\Users\Steffen\Desktop\adwcleaner.exe
2013-09-10 18:06 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-10 18:06 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-10 17:15 - 2013-09-10 17:15 - 00001427 _____ C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 16:53 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-10 16:53 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-10 00:22 - 2013-09-10 00:22 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:19 - 2013-09-10 00:28 - 00011789 _____ C:\Windows\IE10_main.log
2013-09-09 23:00 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-09 23:00 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-09 23:00 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-09 22:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 22:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-09 22:59 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 22:59 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-09 22:59 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 22:59 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 22:59 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 22:59 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-09 22:59 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-09 22:59 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-09 22:59 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-09 22:59 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-09 22:59 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-09 22:59 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-09 22:59 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-09 22:59 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-09 22:59 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-09 22:59 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-09 22:59 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-09 22:59 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-09 22:59 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-09 22:59 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-09 22:59 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-09-09 22:59 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-09-09 22:59 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-09 22:59 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-09 22:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 22:58 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-09 22:58 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-09 22:58 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-09 22:58 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-09-09 22:58 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-09-09 22:58 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-09 22:58 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-09 22:58 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-09 22:57 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 22:57 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 22:57 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-09 22:57 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-09 22:57 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-09 22:57 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-09-09 22:57 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-09 22:57 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-09-09 22:57 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-09 22:57 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-09-09 22:57 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-09 22:56 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-09-09 22:56 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-08 23:55 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-08 23:55 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-08 23:55 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-08 23:55 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-08 23:43 - 2013-09-08 23:43 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-08 23:42 - 2013-09-08 23:42 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-08 23:40 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-08 23:40 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-08 23:40 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-08 23:40 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-08 23:40 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-08 23:40 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-08 23:40 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-08 23:40 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-08 23:40 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-08 23:37 - 2013-09-08 23:37 - 00266464 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-08 16:30 - 2013-09-08 16:30 - 00025564 _____ C:\ComboFix.txt
2013-09-08 15:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-08 15:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-08 15:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-08 15:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-08 15:39 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-08 15:39 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-08 15:39 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-08 15:39 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-08 15:39 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-08 15:39 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-08 15:38 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-08 15:38 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-09-08 15:38 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-08 15:38 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-08 15:38 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-08 15:38 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-09-08 15:38 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-08 15:38 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-08 15:38 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-08 15:38 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-08 15:38 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-08 15:38 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-08 15:38 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-09-08 15:38 - 2010-11-20 14:58 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-09-08 15:38 - 2010-11-20 13:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-09-08 15:37 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-08 15:37 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-08 15:37 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-08 15:37 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-09-08 15:37 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-09-08 15:37 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-08 15:37 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-08 15:37 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-09-08 15:37 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-09-08 15:37 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-08 15:37 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-08 15:37 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-08 15:37 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-08 15:37 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-08 15:37 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-08 15:37 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-08 15:37 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-08 15:37 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-09-08 15:37 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-08 15:37 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-08 15:37 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-09-08 15:37 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-08 15:37 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-08 15:37 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-08 15:36 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-08 15:36 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-08 15:36 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-08 15:36 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-08 15:36 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-08 15:36 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-08 15:36 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-09-08 15:36 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-09-08 15:36 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-09-08 15:36 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-09-08 15:36 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-09-08 15:36 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-09-08 15:36 - 2010-11-20 15:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-09-08 15:35 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-08 15:35 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-08 15:35 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-08 15:35 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-08 15:35 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-09-08 15:35 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-09-08 14:23 - 2013-09-08 16:30 - 00000000 ____D C:\Qoobox
2013-09-08 14:23 - 2013-09-08 16:28 - 00000000 ____D C:\Windows\erdnt
2013-09-08 14:22 - 2013-09-08 14:22 - 05120615 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe
2013-09-08 13:35 - 2013-09-08 13:35 - 00000052 _____ C:\Users\Steffen\AppData\Roaming\WB.CFG
2013-09-08 13:35 - 2013-09-08 13:35 - 00000005 _____ C:\Users\Steffen\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 12:51 - 2013-09-08 12:51 - 04745728 _____ (AVAST Software) C:\Users\Steffen\Desktop\aswMBR.exe
2013-09-08 12:45 - 2013-09-08 12:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Desktop\tdsskiller.exe
2013-09-08 12:42 - 2013-09-08 12:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\avgchrome
2013-09-08 12:35 - 2013-09-08 12:35 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-08 11:09 - 2013-09-08 11:09 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2013-09-08 10:09 - 2013-09-08 10:09 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 10:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-08 10:08 - 2013-09-08 10:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Steffen\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 15:48 - 2013-09-07 15:48 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 15:46 - 2013-09-11 19:56 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 15:46 - 2013-09-11 18:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 15:46 - 2013-09-10 18:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 15:46 - 2013-09-07 15:51 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 15:46 - 2013-09-07 15:51 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 15:46 - 2013-09-07 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 15:46 - 2013-09-07 15:46 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 15:46 - 2013-09-07 15:46 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 15:46 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-07 15:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-07 15:46 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-07 15:45 - 2013-09-07 15:45 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 15:45 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-07 15:44 - 2013-09-07 15:45 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 15:43 - 2013-09-07 15:44 - 131918888 _____ C:\Users\Steffen\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 22:45 - 2013-09-05 22:46 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Origin
2013-09-05 22:45 - 2013-09-05 22:46 - 00000000 ____D C:\Users\Steffen\AppData\Local\Origin
2013-09-05 22:32 - 2013-09-05 23:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-05 22:32 - 2013-09-05 22:45 - 00000000 ____D C:\ProgramData\Origin
2013-09-05 22:32 - 2013-09-05 22:32 - 00000945 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-05 22:29 - 2013-09-05 22:30 - 16949160 _____ (Electronic Arts, Inc.) C:\Users\Steffen\Downloads\OriginThinSetup.exe
2013-09-04 23:23 - 2013-09-11 18:01 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job
2013-09-04 23:23 - 2013-09-08 11:10 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Steffen.job
2013-09-04 23:23 - 2013-09-08 10:21 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00002684 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Steffen
2013-09-04 23:22 - 2013-09-08 10:21 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Steffen
2013-09-04 23:22 - 2013-09-08 10:21 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Steffen.job
2013-08-30 14:41 - 2013-09-02 22:07 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\TS3Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00001223 _____ C:\Users\Steffen\Desktop\TeamSpeak 3 Client.lnk
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Local\TeamSpeak 3 Client
2013-08-30 14:39 - 2013-08-30 14:39 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Steffen\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-08-22 16:52 - 2013-09-07 15:42 - 00000000 ____D C:\ProgramData\Avira
2013-08-22 16:50 - 2013-08-22 16:51 - 110344048 _____ C:\Users\Steffen\Downloads\avira_free4045_antivirus_de.exe
2013-08-18 16:27 - 2013-09-08 14:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-11 20:31 - 2013-09-11 20:31 - 01949408 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe
2013-09-11 20:31 - 2013-09-11 18:01 - 00003348 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-11 20:31 - 2013-09-10 20:09 - 00003218 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3120661840-2489062267-4010830669-1001
2013-09-11 20:29 - 2013-03-07 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 20:26 - 2013-09-11 20:26 - 00891144 _____ C:\Users\Steffen\Desktop\SecurityCheck.exe
2013-09-11 19:56 - 2013-09-07 15:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 18:12 - 2009-07-14 19:58 - 00665070 _____ C:\Windows\system32\perfh007.dat
2013-09-11 18:12 - 2009-07-14 19:58 - 00134980 _____ C:\Windows\system32\perfc007.dat
2013-09-11 18:12 - 2009-07-14 07:13 - 01529292 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 18:10 - 2013-09-11 18:10 - 02347384 _____ (ESET) C:\Users\Steffen\Desktop\esetsmartinstaller_enu.exe
2013-09-11 18:05 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 18:05 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 18:02 - 2009-07-14 07:10 - 01849860 _____ C:\Windows\WindowsUpdate.log
2013-09-11 18:01 - 2013-09-07 15:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 18:01 - 2013-09-04 23:23 - 00000384 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job
2013-09-11 18:01 - 2012-12-04 20:32 - 00000000 ___RD C:\Users\Steffen\Dropbox
2013-09-11 18:01 - 2012-06-26 23:11 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Dropbox
2013-09-11 18:01 - 2011-01-08 22:52 - 00000000 ____D C:\Users\Steffen\AppData\Local\SoftThinks
2013-09-11 17:58 - 2010-09-17 10:04 - 00195856 _____ C:\Windows\PFRO.log
2013-09-11 17:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 17:58 - 2009-07-14 06:51 - 00076414 _____ C:\Windows\setupact.log
2013-09-11 16:29 - 2013-09-11 16:29 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-11 16:29 - 2013-03-07 20:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 16:29 - 2013-03-07 20:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 16:29 - 2011-12-07 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-10 20:36 - 2013-09-10 20:36 - 00274992 _____ C:\Windows\Minidump\091013-25521-01.dmp
2013-09-10 20:36 - 2011-10-26 18:07 - 556133523 _____ C:\Windows\MEMORY.DMP
2013-09-10 20:36 - 2011-10-26 18:07 - 00000000 ____D C:\Windows\Minidump
2013-09-10 20:08 - 2013-09-10 20:08 - 00274992 _____ C:\Windows\Minidump\091013-24258-01.dmp
2013-09-10 20:04 - 2013-09-10 20:03 - 00274992 _____ C:\Windows\Minidump\091013-24741-01.dmp
2013-09-10 19:57 - 2013-09-10 19:57 - 00274992 _____ C:\Windows\Minidump\091013-24492-01.dmp
2013-09-10 19:51 - 2013-09-10 19:51 - 00274992 _____ C:\Windows\Minidump\091013-24133-01.dmp
2013-09-10 19:49 - 2013-09-10 19:49 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-10 19:49 - 2013-09-10 19:49 - 00000000 ____D C:\Users\Steffen\Desktop\mbar
2013-09-10 19:48 - 2013-09-10 19:48 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Steffen\Desktop\mbar-1.07.0.1005.exe
2013-09-10 19:19 - 2013-09-10 19:19 - 00023131 _____ C:\Users\Steffen\Desktop\Addition.txt
2013-09-10 19:17 - 2013-09-10 19:17 - 00000000 ____D C:\FRST
2013-09-10 18:39 - 2013-09-10 18:39 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 18:37 - 2013-09-10 18:37 - 01029490 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe
2013-09-10 18:35 - 2013-09-10 18:35 - 00034904 _____ C:\Users\Steffen\Desktop\AdwCleaner[S0].txt
2013-09-10 18:35 - 2013-09-07 15:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-10 18:34 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-10 18:31 - 2013-09-10 18:19 - 00000000 ____D C:\AdwCleaner
2013-09-10 18:28 - 2011-02-23 22:36 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Skype
2013-09-10 18:19 - 2013-09-10 18:19 - 01037278 _____ C:\Users\Steffen\Desktop\adwcleaner.exe
2013-09-10 17:16 - 2011-01-08 22:56 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-10 17:16 - 2011-01-08 22:52 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 17:15 - 2013-09-10 17:15 - 00001427 _____ C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 16:44 - 2009-07-14 06:45 - 00297248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 16:38 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-10 16:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-10 16:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-10 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-10 00:28 - 2013-09-10 00:19 - 00011789 _____ C:\Windows\IE10_main.log
2013-09-10 00:23 - 2013-09-10 00:23 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 00:23 - 2013-09-10 00:23 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-10 00:23 - 2013-09-10 00:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-10 00:23 - 2013-09-10 00:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-10 00:23 - 2013-09-10 00:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-10 00:23 - 2013-09-10 00:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-10 00:23 - 2013-09-10 00:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-10 00:22 - 2013-09-10 00:22 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-10 00:22 - 2013-09-10 00:22 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-09 22:40 - 2011-01-08 22:52 - 00065168 _____ C:\Users\Steffen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-09-09 22:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sppui
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\manifeststore
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-09-09 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-09 22:26 - 2009-07-14 04:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2013-09-09 22:26 - 2009-07-14 04:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-09-08 23:43 - 2013-09-08 23:43 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-08 23:42 - 2013-09-08 23:42 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-08 23:39 - 2010-09-17 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-08 23:39 - 2010-09-17 10:27 - 00000000 ____D C:\ProgramData\Skype
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-08 23:38 - 2013-09-08 23:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-08 23:37 - 2013-09-08 23:37 - 00266464 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-08 16:30 - 2013-09-08 16:30 - 00025564 _____ C:\ComboFix.txt
2013-09-08 16:30 - 2013-09-08 14:23 - 00000000 ____D C:\Qoobox
2013-09-08 16:30 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-08 16:28 - 2013-09-08 14:23 - 00000000 ____D C:\Windows\erdnt
2013-09-08 16:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-08 16:08 - 2011-01-08 22:52 - 00000000 ____D C:\Users\Steffen
2013-09-08 15:19 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 14:35 - 2013-08-18 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-08 14:22 - 2013-09-08 14:22 - 05120615 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe
2013-09-08 13:35 - 2013-09-08 13:35 - 00000052 _____ C:\Users\Steffen\AppData\Roaming\WB.CFG
2013-09-08 13:35 - 2013-09-08 13:35 - 00000005 _____ C:\Users\Steffen\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 12:51 - 2013-09-08 12:51 - 04745728 _____ (AVAST Software) C:\Users\Steffen\Desktop\aswMBR.exe
2013-09-08 12:45 - 2013-09-08 12:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Desktop\tdsskiller.exe
2013-09-08 12:42 - 2013-09-08 12:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\avgchrome
2013-09-08 12:37 - 2010-09-17 10:12 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-09-08 12:35 - 2013-09-08 12:35 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-08 11:10 - 2013-09-04 23:23 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Steffen.job
2013-09-08 11:09 - 2013-09-08 11:09 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2013-09-08 10:21 - 2013-09-04 23:23 - 00002980 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Steffen
2013-09-08 10:21 - 2013-09-04 23:22 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Steffen
2013-09-08 10:21 - 2013-09-04 23:22 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Steffen.job
2013-09-08 10:09 - 2013-09-08 10:09 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:09 - 2013-09-08 10:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 10:08 - 2013-09-08 10:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Steffen\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-08 08:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-09-07 15:51 - 2013-09-07 15:46 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 15:51 - 2013-09-07 15:46 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 15:49 - 2011-02-23 22:37 - 00000000 ____D C:\Users\Steffen\AppData\Local\Google
2013-09-07 15:48 - 2013-09-07 15:48 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 15:48 - 2013-09-07 15:46 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 15:46 - 2013-09-07 15:46 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 15:46 - 2013-09-07 15:46 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 15:45 - 2013-09-07 15:45 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 15:45 - 2013-09-07 15:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 15:44 - 2013-09-07 15:43 - 131918888 _____ C:\Users\Steffen\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-07 15:42 - 2013-08-22 16:52 - 00000000 ____D C:\ProgramData\Avira
2013-09-05 23:25 - 2013-09-05 22:32 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-05 22:46 - 2013-09-05 22:45 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Origin
2013-09-05 22:46 - 2013-09-05 22:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\Origin
2013-09-05 22:45 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Origin
2013-09-05 22:32 - 2013-09-05 22:32 - 00000945 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-05 22:30 - 2013-09-05 22:29 - 16949160 _____ (Electronic Arts, Inc.) C:\Users\Steffen\Downloads\OriginThinSetup.exe
2013-09-04 23:23 - 2013-09-04 23:23 - 00003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Steffen
2013-09-04 23:23 - 2013-09-04 23:23 - 00002684 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Steffen
2013-09-02 22:07 - 2013-08-30 14:41 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\TS3Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00001223 _____ C:\Users\Steffen\Desktop\TeamSpeak 3 Client.lnk
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-30 14:40 - 2013-08-30 14:40 - 00000000 ____D C:\Users\Steffen\AppData\Local\TeamSpeak 3 Client
2013-08-30 14:39 - 2013-08-30 14:39 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Steffen\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-08-30 13:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-30 09:48 - 2013-09-07 15:46 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-07 15:46 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-07 15:46 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-07 15:45 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-28 12:57 - 2012-06-08 01:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 17:26 - 2012-08-29 18:48 - 00000024 _____ C:\Users\Steffen\random.dat
2013-08-23 17:04 - 2011-10-25 16:38 - 00000032 _____ C:\Users\Steffen\jagex_cl_runescape_LIVE.dat
2013-08-22 16:51 - 2013-08-22 16:50 - 110344048 _____ C:\Users\Steffen\Downloads\avira_free4045_antivirus_de.exe

ZeroAccess:
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\@

Files to move or delete:
====================
C:\ProgramData\4r3wi8.dat
C:\Users\Steffen\cache.dat
C:\Users\Steffen\jagex_cl_oldschool_LIVE.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE1.dat
C:\Users\Steffen\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Steffen\jagex_runescape_preferences.dat
C:\Users\Steffen\jagex_runescape_preferences2.dat
C:\Users\Steffen\random.dat
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 17:20

==================== End Of Log ============================
         
--- --- ---

Alt 11.09.2013, 19:40   #13
Eselzüchter
 

Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Steffen at 2013-09-10 19:19:10
Running from C:\Users\Steffen\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9.1.2 - Deutsch (x32 Version: 9.1.2)
AGEIA PhysX v7.05.17 (x32 Version: 7.05.17)
AMD Catalyst Install Manager (Version: 3.0.847.0)
Assassin's Creed (x32 Version: 1.02)
ATI Catalyst Control Center (x32 Version: 2.010.0517.1741)
Audacity 2.0 (x32)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Battlefield 2(TM) (x32)
Battlefield 2142 (x32)
Camtasia Studio 7 (x32 Version: 7.0.1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0517.1742.29870)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870)
Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870)
Catalyst Control Center InstallProxy (x32 Version: 2011.1016.2228.38487)
Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870)
CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870)
CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870)
CCC Help Czech (x32 Version: 2010.0517.1741.29870)
CCC Help Danish (x32 Version: 2010.0517.1741.29870)
CCC Help Dutch (x32 Version: 2010.0517.1741.29870)
CCC Help English (x32 Version: 2010.0517.1741.29870)
CCC Help Finnish (x32 Version: 2010.0517.1741.29870)
CCC Help French (x32 Version: 2010.0517.1741.29870)
CCC Help German (x32 Version: 2010.0517.1741.29870)
CCC Help Greek (x32 Version: 2010.0517.1741.29870)
CCC Help Hungarian (x32 Version: 2010.0517.1741.29870)
CCC Help Italian (x32 Version: 2010.0517.1741.29870)
CCC Help Japanese (x32 Version: 2010.0517.1741.29870)
CCC Help Korean (x32 Version: 2010.0517.1741.29870)
CCC Help Norwegian (x32 Version: 2010.0517.1741.29870)
CCC Help Polish (x32 Version: 2010.0517.1741.29870)
CCC Help Portuguese (x32 Version: 2010.0517.1741.29870)
CCC Help Russian (x32 Version: 2010.0517.1741.29870)
CCC Help Spanish (x32 Version: 2010.0517.1741.29870)
CCC Help Swedish (x32 Version: 2010.0517.1741.29870)
CCC Help Thai (x32 Version: 2010.0517.1741.29870)
CCC Help Turkish (x32 Version: 2010.0517.1741.29870)
ccc-core-static (x32 Version: 2010.0517.1742.29870)
ccc-utility64 (Version: 2010.0517.1742.29870)
ckerdeinstallation für EPSON S21 Series
Clownfish for Skype (x32)
Colin McRae Rally 2 (x32)
Crysis - Crypack Pre Patched & Cracked 1.1 Version 1.0.0.0 (x32 Version: 1.0.0.0)
Dell DataSafe Local Backup - Support Software (x32)
Dell DataSafe Local Backup (x32 Version: 9.4.40)
Dell DataSafe Online (x32 Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Dock (x32)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Support Software) (x32 Version: 2.5.09100)
Dropbox (HKCU Version: 2.0.22)
FL Studio 10 (x32)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
Full Tilt Poker (x32 Version: 4.39.11.WIN.FullTilt.COM)
GameSpy Arcade (x32)
GameSpy Comrade (x32 Version: 0.26.0.134)
Ghost Recon (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto San Andreas (x32 Version: 1.00.00001)
Hellgate: London (Version: 1.10.180.3416)
Hitman: Contracts (x32)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HyperCam 2 (x32)
IL Download Manager (x32)
IL Shared Libraries (x32)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 14.0.8089.726)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Multimedia Card Reader (x32 Version: 1.6.915.87)
Musicshake (x32 Version: 1.2.258)
Need for Speed™ Most Wanted (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.3.2.2730)
PokerStars.eu (x32)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6043)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roxio Burn (x32 Version: 1.01)
Silent Hunter II (x32)
Skins (x32 Version: 2010.0517.1742.29870)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
SwiftKit (HKCU)
TeamSpeak 3 Client (HKCU Version: 3.0.11)
TeamViewer 6 (x32 Version: 6.0.10722)
Tom Clancy's Ghost Recon Advanced Warfighter® 2 (x32 Version: 1.05)
Tom Clancy's Rainbow Six Vegas 2 (x32 Version: 1.03)
TubeBox! (x32 Version: 3.4.6)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VirtualCloneDrive (x32)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR 4.00 (32-Bit) (x32 Version: 4.00.0)

==================== Restore Points  =========================

08-09-2013 21:43:19 Windows 7 Service Pack 1
09-09-2013 21:58:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-08 16:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {08E513E1-F68B-4B97-BB45-B07C02201B26} - System32\Tasks\ReclaimerUpdateFiles_Steffen => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04] (RealNetworks, Inc.)
Task: {25F8DF73-2B43-461E-944E-BA1351050CDC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3120661840-2489062267-4010830669-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {35CC42FA-1C9F-442B-BACA-B964FCDAD0B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {3CBF226E-18E5-446D-B123-E378805AC593} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {4DCBD34E-FE79-4348-8D7C-F566450DFD9F} - \EPUpdater No Task File
Task: {57228BD5-D2D9-45E6-9591-1A77FCFAFA57} - System32\Tasks\RNUpgradeHelperResumePrompt_Steffen => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04] (RealNetworks, Inc.)
Task: {59AA70D6-9D07-4A46-8064-C9897134961A} - System32\Tasks\ReclaimerUpdateXML_Steffen => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04] (RealNetworks, Inc.)
Task: {61C6CD75-B756-422A-803B-2C0762136F6A} - System32\Tasks\{AEB8ECBF-1436-45C5-8946-40EE731747FD} => C:\Program Files\Dell\DellDock\DellDock.exe [2009-12-16] (Stardock Corporation)
Task: {7B5D33B7-B840-45FE-AAD2-7AF8C75CF0B6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7C510242-BD64-453A-8FA6-2310FE9DE356} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {88E9393E-B593-48BB-94DF-A705FDA312EE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3120661840-2489062267-4010830669-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {9856AAAF-7D40-4F41-9ECD-ED241876CFA7} - System32\Tasks\RNUpgradeHelperLogonPrompt_Steffen => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04] (RealNetworks, Inc.)
Task: {A03BF978-D901-4E1F-8404-9FB0D98C9E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Steffen.job => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Steffen.job => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steffen.job => C:\Users\Steffen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2010-05-17 17:39 - 2010-05-17 17:39 - 00106496 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2010-05-17 17:34 - 2010-05-17 17:34 - 00032768 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00036864 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2010-05-17 17:39 - 2010-05-17 17:39 - 00065536 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00005632 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00020480 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2010-05-17 17:39 - 2010-05-17 17:39 - 00032768 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00015360 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00380928 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2010-05-17 17:35 - 2010-05-17 17:35 - 00151552 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 13:51 - 2009-01-20 13:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2008-11-18 12:00 - 2008-11-18 12:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-17 17:39 - 2010-05-17 17:39 - 00065536 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2010-05-17 17:40 - 2010-05-17 17:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2011-03-13 18:22 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-13 15:46 - 2009-12-14 19:16 - 00107688 _____ (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-09-17 10:19 - 2010-05-21 11:59 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-09-17 10:19 - 2010-05-21 11:58 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2011-06-23 11:37 - 2010-11-20 15:27 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Steffen\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\icudt.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00046400 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00365888 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00338240 _____ (TODO: <Company name>) C:\Program Files (x86)\Dell DataSafe Online\OlbEng.dll
2010-04-06 15:12 - 2010-04-06 15:12 - 01441792 _____ (SwapDrive, Inc.) C:\Program Files (x86)\Dell DataSafe Online\BuEng.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-06-23 12:46 - 2009-06-23 12:46 - 04233712 _____ (Sonic Solutions) C:\Program Files (x86)\Roxio\Roxio Burn\AS_Storage_w32.dll
2009-03-24 01:01 - 2009-03-24 01:01 - 00100848 _____ (Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\vxblock.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00073728 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtmessage.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00881960 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsched.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00382248 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtevent.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00402728 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtfod.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 01069056 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\LIBEAY32.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00881960 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsync.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00386344 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtui.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00040848 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll
2009-05-21 08:59 - 2009-05-21 08:59 - 00024464 _____ (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll
2011-01-17 17:19 - 2011-02-21 22:08 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-08-18 16:27 - 2013-08-18 16:27 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Steffen\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-08-22 16:14 - 2013-08-22 16:14 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 07:11:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/10/2013 07:09:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/10/2013 07:11:29 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/10/2013 07:09:39 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2


CodeIntegrity Errors:
===================================
  Date: 2013-09-08 16:08:28.640
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-08 16:08:28.530
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3959.12 MB
Available physical RAM: 2253.07 MB
Total Pagefile: 7916.42 MB
Available Pagefile: 5934.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.95 GB) (Free:786.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 12.09.2013, 18:53   #14
DerJazzer
/// Malwareteam
 

Hi,

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\ProgramData\4r3wi8.dat
C:\Users\Steffen\cache.dat
C:\Users\Steffen\random.dat
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe
ZeroAccess:
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}
C:\Users\Steffen\AppData\Local\{4b7ba9d7-ffde-c2e1-6b9c-d5f0bf0688c0}\@
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Please have the file from the code box checked at VirusTotal.
  • Click Choose File
  • Now copy the following into the search bar
    Code:
    C:\Users\Steffen\AppData\Roaming\cmgpon.dll
             
  • and click Öffnen (Open).
  • Click Scan It!.
  • Please wait until the file has been fully uploaded. If you get the following message
    Quote:
    This file was already analysed by VirusTotal...
    click Reanalyse.
  • Wait until the analysis date is shown and the scan is complete.
  • Copy the link from your address bar and post it here.

Step 3

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



In your next reply, please post
  • FRST-Fixlog
  • Link zur VirusTotal-Analyse
  • FRST.txt
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Alt 12.09.2013, 19:16   #15
Eselzüchter
 

Regarding Step 2:

When I go to open a file at VirusTotal and enter "C:\Users\Steffen\AppData\Roaming\cmgpon.dll", an FRST log shows up once and a ComboFix log once - I'd rather ask again before I do something wrong. But is that right?
