#34 PC infiziert (vorher) + Win32/Obfuscator.XZ Zitat:
Zitat von
fragit Danke für die Hilfe und ich bekomme Combofix nicht zum laufen....
frst.txt
FRST Logfile:
FRST Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Thomas (administrator) on THOMAS-PC on 28-10-2014 15:32:24
Running from C:\Users\Thomas\Downloads
Loaded Profile: Thomas (Available profiles: Thomas & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [594080 2010-07-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [377504 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2119575983-2608725883-14680105-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Safebox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Safebox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Safebox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Safebox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBFEE4C803BE5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFDA3C9A-2C18-4133-B0C8-7A9B8C0950ED}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{D4A2266A-E4DC-4D7E-BEDF-E36AFC17ABEC}: [NameServer] 156.154.70.25,156.154.71.25
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-22]
Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-07-30&gen=cnet&ent=hp&u=12E7AFCBB799CC338DDE6F53D8293CD5
CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-07-30&gen=cnet&ent=hp&u=12E7AFCBB799CC338DDE6F53D8293CD5"
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-19]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (WOT) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-25]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-19]
CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-19]
CHR Extension: (ScriptBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-09-29]
CHR Extension: (Lavasoft SecureSearch) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-07-29] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-04] (SurfRight B.V.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-03-03] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SafeBox; C:\Program Files\Bitdefender\Safebox\SafeBoxService.exe [75384 2012-04-02] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [444416 2009-11-09] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-15] (Disc Soft Ltd)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-04] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 15:32 - 2014-10-28 15:32 - 02113024 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-10-28 14:25 - 2014-10-28 14:26 - 05591695 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe
2014-10-28 14:14 - 2014-10-28 14:14 - 00000000 ____D () C:\Users\Thomas\AppData\OICE_15_974FA576_32C1D314_174F
2014-10-27 13:23 - 2014-10-27 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-10-27 13:22 - 2014-10-27 13:22 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel
2014-10-26 18:07 - 2014-10-26 18:07 - 00000000 ____D () C:\ProgramData\GZ
2014-10-25 17:10 - 2014-10-25 17:10 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\ATI
2014-10-25 17:10 - 2014-10-25 17:10 - 00000000 ____D () C:\Users\Gast\AppData\Local\ATI
2014-10-25 17:09 - 2014-10-25 18:48 - 00000000 ____D () C:\Users\Gast\AppData\Local\adawarebp
2014-10-25 17:09 - 2014-10-25 17:09 - 00117544 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 17:09 - 2014-10-25 17:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel Corporation
2014-10-25 17:08 - 2014-10-25 17:08 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-25 17:08 - 2014-10-25 17:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Bitdefender
2014-10-25 17:08 - 2014-10-25 17:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-10-25 17:08 - 2014-10-25 17:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-10-25 17:08 - 2014-10-25 17:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-10-25 17:05 - 2014-10-25 17:08 - 00000000 ____D () C:\Users\Gast
2014-10-25 17:05 - 2014-10-25 17:05 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-10-25 17:05 - 2014-10-25 17:05 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-10-25 17:05 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-25 17:05 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-24 20:21 - 2014-10-24 20:21 - 03453979 _____ () C:\Users\Thomas\Downloads\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64 (2).zip
2014-10-24 20:21 - 2014-10-24 20:21 - 03453979 _____ () C:\Users\Thomas\Downloads\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64 (1).zip
2014-10-24 20:21 - 2009-05-27 09:54 - 01654784 _____ (SuYin) C:\Windows\Acer Crystal Eye webcam.EXE
2014-10-24 20:21 - 2009-05-27 09:48 - 00008362 _____ () C:\Windows\Suyin.reg
2014-10-24 20:21 - 2009-05-11 16:39 - 00000323 _____ () C:\Windows\PidList.ini
2014-10-24 20:21 - 2008-12-30 12:42 - 00626688 _____ () C:\Windows\Image.dll
2014-10-24 20:21 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-10-24 20:21 - 2008-06-25 13:22 - 00020480 _____ () C:\Windows\USB_VIDEO_REG.exe
2014-10-24 20:18 - 2014-10-24 20:18 - 00003296 _____ () C:\Windows\System32\Tasks\{B3E4E637-F148-4A08-AFB5-03D5CACDC735}
2014-10-24 20:10 - 2014-10-24 20:10 - 00003250 _____ () C:\Windows\System32\Tasks\{273CB360-4B24-428F-8B8D-A354CD66B079}
2014-10-24 20:09 - 2014-10-24 20:09 - 03472338 _____ () C:\Users\Thomas\Downloads\Camera_Suyin_5.2.11.2_W7x86W7x64_A.zip
2014-10-24 20:08 - 2014-10-24 20:08 - 03669812 _____ () C:\Users\Thomas\Downloads\Camera_Chicony_1.1.143.1229_W7x86W7x64_A.zip
2014-10-21 10:06 - 2014-10-24 20:24 - 00005964 _____ () C:\Windows\PFRO.log
2014-10-21 00:49 - 2014-10-21 00:49 - 00055076 _____ () C:\Users\Thomas\Desktop\dataxutest.pcapng
2014-10-20 19:07 - 2014-10-28 13:50 - 00001344 _____ () C:\Windows\setupact.log
2014-10-20 19:07 - 2014-10-20 19:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-18 17:05 - 2014-10-19 23:17 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Notepad++
2014-10-18 17:05 - 2014-10-18 17:05 - 00001059 _____ () C:\Users\Thomas\Desktop\Notepad++.lnk
2014-10-18 17:05 - 2014-10-18 17:05 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-10-18 17:05 - 2014-10-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-10-18 17:05 - 2014-10-18 17:05 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-18 15:49 - 2014-10-19 22:31 - 00000809 _____ () C:\Users\Thomas\Desktop\index.html
2014-10-18 15:49 - 2014-10-18 15:49 - 07945210 _____ () C:\Users\Thomas\Downloads\npp.6.6.9.Installer.exe
2014-10-15 23:31 - 2014-10-15 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-10-15 23:31 - 2014-10-15 23:34 - 00000000 ____D () C:\Program Files (x86)\Hex-Editor MX
2014-10-15 23:31 - 2014-10-15 23:31 - 00860736 _____ () C:\Users\Thomas\Downloads\hexedit602.zip
2014-10-15 23:28 - 2014-10-15 23:28 - 01125200 _____ () C:\Users\Thomas\Downloads\Hex Editor MX - CHIP-Installer.exe
2014-10-15 20:09 - 2014-10-15 20:09 - 00000330 _____ () C:\Start_.cmd
2014-10-15 20:09 - 2014-10-15 20:09 - 00000000 ____D () C:\ComboFix
2014-10-15 20:08 - 2014-10-28 14:27 - 00000000 ___SD () C:\32788R22FWJFW
2014-10-15 13:45 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:45 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:45 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:45 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:45 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:45 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:45 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:45 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:45 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:45 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:45 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:45 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:45 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:45 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:45 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:45 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:45 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:45 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:45 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:45 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:45 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:45 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:45 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:45 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:45 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:45 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:45 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:45 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:45 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:45 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:45 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:45 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:45 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:45 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:45 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:45 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:45 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:45 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:45 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:44 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:44 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:44 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:44 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:44 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:44 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:44 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:44 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:44 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:44 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:44 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:44 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:44 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:44 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:44 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:44 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:44 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:44 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:44 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:44 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:44 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:44 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:44 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:44 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:44 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:44 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:44 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:44 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:44 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:44 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:44 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:44 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:44 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:44 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:44 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:44 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:44 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:44 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:44 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:44 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:44 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:44 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:44 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:44 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:44 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:44 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:44 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:44 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:44 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:44 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:44 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:44 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:44 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:44 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:44 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:44 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:44 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:44 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:44 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:43 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:43 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:43 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:43 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:43 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 13:43 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:43 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:43 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:43 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:43 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:43 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:43 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:43 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:43 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:43 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:43 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:42 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:42 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:42 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:42 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 21:42 - 2014-10-14 21:42 - 00000000 ____D () C:\Users\Thomas\Documents\ProcAlyzer Dumps
2014-10-14 21:01 - 2014-10-14 21:01 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-14 21:00 - 2014-10-14 23:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-14 21:00 - 2014-10-14 21:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-14 21:00 - 2014-10-14 21:00 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-14 21:00 - 2014-10-14 21:00 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-14 21:00 - 2014-10-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-14 21:00 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-14 20:55 - 2014-10-14 20:56 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Thomas\Downloads\spybot-2.4.exe
2014-10-14 19:45 - 2014-10-15 13:42 - 00014336 _____ () C:\Users\Thomas\Documents\nstprodata-demo.db3
2014-10-14 19:45 - 2014-10-14 19:45 - 00002099 _____ () C:\Users\Public\Desktop\NetScanTools Pro Demo.lnk
2014-10-14 19:45 - 2014-10-14 19:45 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\NWPS
2014-10-14 19:45 - 2014-10-14 19:45 - 00000000 ____D () C:\ProgramData\NWPS
2014-10-14 19:45 - 2014-10-14 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetScanTools Pro Demo
2014-10-14 19:45 - 2014-10-14 19:45 - 00000000 ____D () C:\Program Files (x86)\nwps
2014-10-14 19:42 - 2014-10-14 19:43 - 38385024 _____ () C:\Users\Thomas\Downloads\nstp11demo.zip
2014-10-13 14:45 - 2014-10-13 14:45 - 11416224 _____ () C:\Users\Thomas\Desktop\wire.pcapng
2014-10-13 02:02 - 2014-10-13 02:02 - 00003136 _____ () C:\Windows\System32\Tasks\{6AA8B2E6-DCAB-4E0E-8B14-598B4A3B6E0B}
2014-10-09 21:53 - 2014-10-09 21:53 - 00039623 _____ () C:\Users\Thomas\Desktop\processinfo 2014_10_09 22_53.html
2014-10-09 18:54 - 2014-10-09 18:54 - 00040046 _____ () C:\Users\Thomas\Desktop\processinfo 2014_10_09 19_54.html
2014-10-09 18:21 - 2014-10-09 18:21 - 00039010 _____ () C:\Users\Thomas\Downloads\Downloads.zip
2014-10-09 18:20 - 2014-10-09 18:20 - 00029708 _____ () C:\Users\Thomas\Downloads\FRST.zip
2014-10-09 18:20 - 2014-10-09 18:20 - 00009324 _____ () C:\Users\Thomas\Downloads\Addition.zip
2014-10-09 18:17 - 2014-10-09 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-09 18:17 - 2014-10-09 18:17 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-10-09 18:15 - 2014-10-09 18:15 - 01110476 _____ () C:\Users\Thomas\Downloads\7z920.exe
2014-10-09 12:14 - 2014-10-09 13:01 - 00000000 ____D () C:\Users\Thomas\AppData\OICE_15_974FA576_32C1D314_2939
2014-10-09 01:22 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-09 01:22 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-08 01:03 - 2014-10-08 01:04 - 00511633 _____ () C:\Users\Thomas\Downloads\Autoruns (1).zip
2014-10-08 00:59 - 2014-10-08 01:01 - 00042566 _____ () C:\Users\Thomas\Downloads\Addition.txt
2014-10-08 00:58 - 2014-10-28 15:32 - 00019955 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-10-08 00:36 - 2014-10-08 00:37 - 00001322 _____ () C:\Users\Thomas\Desktop\ESET.txt
2014-10-06 14:50 - 2014-09-15 02:37 - 120572672 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\msert.exe
2014-10-06 14:16 - 2014-10-06 14:16 - 00511633 _____ () C:\Users\Thomas\Downloads\Autoruns.zip
2014-10-06 08:29 - 2014-10-06 08:31 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Comodo
2014-10-05 15:22 - 2014-10-05 15:22 - 00002017 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-10-03 16:52 - 2014-10-03 16:52 - 00453496 _____ () C:\Users\Thomas\Desktop\dada.htm
2014-10-03 16:27 - 2014-10-10 03:14 - 01605100 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-10-03 16:27 - 2014-10-03 16:27 - 00000000 ___HD () C:\VTRoot
2014-10-03 16:24 - 2014-10-03 16:24 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-10-03 16:24 - 2014-10-03 16:24 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-10-03 16:04 - 2014-10-03 16:04 - 00000000 __SHD () C:\found.007
2014-10-03 14:43 - 2014-10-28 15:29 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-10-03 14:43 - 2014-10-08 23:14 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-10-03 14:43 - 2014-10-03 14:43 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-10-03 14:41 - 2014-10-03 14:43 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-10-03 14:40 - 2014-10-03 14:40 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-03 14:40 - 2014-10-03 14:40 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-03 14:40 - 2014-10-03 14:40 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-10-03 14:39 - 2014-10-03 14:39 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-10-03 14:39 - 2014-10-03 14:39 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-10-03 14:39 - 2014-10-03 14:39 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-10-03 14:38 - 2014-10-05 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-03 14:38 - 2014-10-03 14:40 - 00000000 ____D () C:\Program Files\COMODO
2014-10-03 14:38 - 2014-10-03 14:38 - 00001120 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-10-03 14:38 - 2014-10-03 14:38 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Comodo
2014-10-03 14:37 - 2014-10-03 14:37 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-10-03 14:37 - 2014-10-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-03 14:35 - 2014-10-08 23:06 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-03 14:25 - 2014-10-03 14:31 - 230403216 _____ (COMODO) C:\Users\Thomas\Downloads\cispremium_installer.exe
2014-10-03 14:23 - 2014-10-03 14:23 - 00001107 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-10-03 14:22 - 2014-10-03 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-10-03 14:22 - 2014-10-03 14:23 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-10-03 14:22 - 2014-10-03 14:23 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-10-03 14:22 - 2014-10-03 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-10-03 14:21 - 2014-10-03 14:21 - 01674688 _____ () C:\Users\Thomas\Downloads\openvpn-install-2.3.4-I003-i686.exe
2014-10-03 13:50 - 2014-10-03 13:50 - 00240351 _____ () C:\Users\Thomas\Downloads\RemoveFake99Antivirus.exe
2014-10-03 13:44 - 2014-10-03 13:44 - 02573392 _____ (TrueCrypt Foundation) C:\Users\Thomas\Downloads\TrueCrypt-7.2.exe
2014-10-03 13:20 - 2014-10-03 13:20 - 00001268 _____ () C:\Users\Thomas\Desktop\Revo Uninstaller.lnk
2014-10-03 13:20 - 2014-10-03 13:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-03 13:19 - 2014-10-03 13:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas\Downloads\revosetup95.exe
2014-10-03 13:08 - 2014-10-03 13:08 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC (1).exe
2014-10-02 23:20 - 2014-10-02 23:20 - 00057843 _____ () C:\Users\Thomas\Downloads\fport.zip
2014-10-02 23:08 - 2014-10-02 23:08 - 00109604 _____ () C:\Users\Thomas\Downloads\netcat-win32-1.11.zip
2014-10-01 14:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-01 14:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-01 14:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-01 14:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-01 14:53 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-01 14:53 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-01 14:53 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-01 14:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-01 14:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-01 14:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-01 14:53 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-01 14:53 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-01 00:57 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 00:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 05:19 - 2014-09-29 05:19 - 03736454 _____ () C:\Users\Thomas\Downloads\simple_port_tester_v2.1.5_setup.exe
2014-09-29 05:19 - 2014-09-29 05:19 - 03736454 _____ () C:\Users\Thomas\Downloads\simple_port_tester_v2.1.5_setup (1).exe
2014-09-29 05:19 - 2014-09-29 05:19 - 00000000 ____D () C:\Windows\Simple Port Tester
2014-09-29 05:19 - 2014-09-29 05:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Tester
2014-09-29 05:19 - 2014-09-29 05:19 - 00000000 ____D () C:\Program Files (x86)\Simple Port Tester
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 15:32 - 2014-09-15 16:16 - 00000000 ____D () C:\FRST
2014-10-28 15:12 - 2013-11-19 17:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 14:14 - 2014-08-04 18:00 - 00000000 ____D () C:\Windows\CryptoGuard
2014-10-28 13:59 - 2009-07-14 05:45 - 00022832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 13:59 - 2009-07-14 05:45 - 00022832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 13:58 - 2014-07-30 00:08 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-28 13:58 - 2013-11-19 17:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 13:58 - 2013-11-19 17:16 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-28 13:58 - 2009-07-14 18:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-10-28 13:58 - 2009-07-14 18:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-10-28 13:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 13:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 04:30 - 2013-11-19 12:54 - 01116864 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 00:17 - 2013-11-19 17:21 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-24 20:21 - 2013-11-19 14:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-21 17:07 - 2013-11-19 17:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 17:07 - 2013-11-19 17:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 00:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 23:58 - 2014-07-17 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 23:51 - 2013-12-04 13:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-20 15:25 - 2014-03-03 20:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-10-16 02:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 22:58 - 2014-02-03 11:41 - 00000000 ____D () C:\Windows\Minidump
2014-10-15 15:59 - 2009-07-14 05:45 - 00475560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 15:56 - 2014-07-09 20:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 15:33 - 2013-11-22 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 15:14 - 2013-11-22 13:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:46 - 2014-07-28 12:07 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-10-14 15:44 - 2014-08-04 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 23:15 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-08 23:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-10-08 23:14 - 2014-07-30 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-10-08 23:14 - 2013-12-04 13:55 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-08 23:14 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-08 23:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-08 23:06 - 2013-11-22 12:23 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-10-08 23:04 - 2013-05-14 13:51 - 00000000 ____D () C:\found.003
2014-10-08 20:09 - 2013-11-19 13:27 - 00000000 ____D () C:\Users\Thomas
2014-10-08 00:52 - 2014-09-15 16:16 - 00219449 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-10-05 22:28 - 2014-09-25 22:10 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-10-01 15:07 - 2014-02-07 20:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-01 15:07 - 2013-11-19 12:48 - 00000000 ____D () C:\Windows\Panther
2014-10-01 14:22 - 2013-11-20 20:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Eclipse
2014-10-01 14:00 - 2014-09-15 15:19 - 00000000 ____D () C:\Users\Thomas\Desktop\log-file
2014-10-01 14:00 - 2013-11-21 00:31 - 00000000 ____D () C:\Users\Thomas\Desktop\Software
2014-10-01 13:53 - 2014-07-23 07:08 - 00000000 ____D () C:\Users\Thomas\Desktop\usb
2014-09-28 02:27 - 2014-09-25 21:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\WinPatrol
2014-09-28 00:20 - 2014-09-25 21:15 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-28 00:10 - 2013-11-19 13:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\hmpalert_update.exe
C:\Users\Thomas\AppData\Local\Temp\_is169F.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 00:48
==================== End Of Log ============================
--- --- ---
--- --- ---
Addition.txt komischerweise nicht vorhanden!!!
28.10.2014, 15:42
Baum-Darstellung