Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Rechner hat Virenbefall. Avira meldet services.exe bei jedem Start! (https://www.trojaner-board.de/142409-windows-7-rechner-hat-virenbefall-avira-meldet-services-exe-start.html)

aileron 02.10.2013 10:06
Windows 7: Rechner hat Virenbefall. Avira meldet services.exe bei jedem Start!
 
Bei fast jedem Start von Windows erhalte ich von Avira eine Virenmeldung mit services.exe. Das Entfernen der Datei mt Avira erfolgt ohne Probleme, jedoch erscheint, wie bereits erwähnt, bei fast jedem Start wieder die gleiche Meldung. Somit scheint das Löschen der Viren nicht zu funktionieren. Bitte um Hilfe.

Hier die Logs:

FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by dhushan (administrator) on ZULU on 02-10-2013 10:13:57
Running from C:\Users\dhushan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() D:\Programme\phonostar-Player\phonostarTimer.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(COMPANYVERS_NAME) C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [548936 2013-09-14] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-13] (Google Inc.)
HKCU\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe [39936 2010-04-01] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [40960 2011-06-20] ()
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {9f30dee6-244a-11df-9fc9-00016c6fa9f5} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe [44784 2013-09-14] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-09-14] (VER_COMPANY_NAME)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AU&apn_dtid=YYYYYYYYDE&apn_uid=C2A619C6-40B6-4F55-AE90-3612902B5ACB&apn_sauid=B8DC1356-5D95-4991-8C74-E50827BC7CED
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
BHO-x32: Auslogics Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Auslogics Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 VideoDownloadConverter_4zService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2013-09-14] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:12 - 2013-10-02 10:12 - 01953880 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-10-02 10:05 - 00001478 _____ C:\Windows\PFRO.log
2013-09-30 11:56 - 2013-10-02 10:05 - 00000280 _____ C:\Windows\setupact.log
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 12:22 - 2013-09-16 18:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-14 17:42 - 2013-09-14 17:42 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”

==================== One Month Modified Files and Folders =======

2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:13 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 10:13 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 10:12 - 2013-10-02 10:12 - 01953880 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:11 - 2010-02-14 14:24 - 00000000 ____D C:\Users\dhushan
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 10:06 - 2010-03-02 19:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 10:05 - 2013-09-30 11:56 - 00001478 _____ C:\Windows\PFRO.log
2013-10-02 10:05 - 2013-09-30 11:56 - 00000280 _____ C:\Windows\setupact.log
2013-10-02 10:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 09:54 - 2010-03-02 19:22 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 09:42 - 2013-02-25 11:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 09:33 - 2010-02-26 13:41 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\UseNeXT
2013-10-02 09:30 - 2010-07-19 10:49 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 19:03 - 2010-11-05 17:46 - 00000000 ____D C:\Users\dhushan\Documents\UseNeXT
2013-10-01 18:49 - 2009-12-16 12:40 - 00643628 _____ C:\Windows\system32\perfh007.dat
2013-10-01 18:49 - 2009-12-16 12:40 - 00126188 _____ C:\Windows\system32\perfc007.dat
2013-10-01 18:49 - 2009-07-14 07:13 - 01471828 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 14:52 - 2010-11-21 16:32 - 00000236 _____ C:\Users\dhushan\AppData\Roaming\default.rss
2013-09-30 14:52 - 2010-06-24 13:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-09-30 14:28 - 2010-02-26 16:06 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\vlc
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:42 - 2013-02-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 14:42 - 2013-02-25 11:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 14:42 - 2011-08-29 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 18:22 - 2013-09-16 12:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-14 17:42 - 2013-09-14 17:42 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”
2013-09-04 13:40 - 2013-05-06 13:22 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\@
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000001.@
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000002.@
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\80000000.@
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\80000001.@
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\800000cb.@

ZeroAccess:
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\@

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 15:09

==================== End Of Log ============================
Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by dhushan at 2013-10-02 10:14:41
Running from C:\Users\dhushan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 4.65 (x32)
Acer Arcade Deluxe (x32 Version: 3.2.6929)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0812)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Advertising Center (x32 Version: 0.0.0.2)
AMD DnD V1.0.19 (x32 Version: 1.0.19)
Apple Application Support (x32 Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.9.1.0)
ATI Catalyst Install Manager (Version: 3.0.745.0)
Audials (x32 Version: 8.0.54900.0)
Audials TV (x32 Version: 1.3.10803.300)
Auslogics Registry Cleaner (x32 Version: version 2.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Backup Manager Advance (x32 Version: 2.0.2.19)
Bonjour (Version: 2.0.2.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Light (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Localization All (x32 Version: 2009.0925.1707.28889)
CCC Help Chinese Standard (x32 Version: 2009.0925.1706.28889)
CCC Help Chinese Traditional (x32 Version: 2009.0925.1706.28889)
CCC Help Czech (x32 Version: 2009.0925.1706.28889)
CCC Help Danish (x32 Version: 2009.0925.1706.28889)
CCC Help Dutch (x32 Version: 2009.0925.1706.28889)
CCC Help English (x32 Version: 2009.0925.1706.28889)
CCC Help Finnish (x32 Version: 2009.0925.1706.28889)
CCC Help French (x32 Version: 2009.0925.1706.28889)
CCC Help German (x32 Version: 2009.0925.1706.28889)
CCC Help Greek (x32 Version: 2009.0925.1706.28889)
CCC Help Hungarian (x32 Version: 2009.0925.1706.28889)
CCC Help Italian (x32 Version: 2009.0925.1706.28889)
CCC Help Japanese (x32 Version: 2009.0925.1706.28889)
CCC Help Korean (x32 Version: 2009.0925.1706.28889)
CCC Help Norwegian (x32 Version: 2009.0925.1706.28889)
CCC Help Polish (x32 Version: 2009.0925.1706.28889)
CCC Help Portuguese (x32 Version: 2009.0925.1706.28889)
CCC Help Russian (x32 Version: 2009.0925.1706.28889)
CCC Help Spanish (x32 Version: 2009.0925.1706.28889)
CCC Help Swedish (x32 Version: 2009.0925.1706.28889)
CCC Help Thai (x32 Version: 2009.0925.1706.28889)
CCC Help Turkish (x32 Version: 2009.0925.1706.28889)
ccc-core-static (x32 Version: 2009.0925.1707.28889)
ccc-utility64 (Version: 2009.0925.1707.28889)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Connect (x32 Version: 1.0.0.1)
DB Screensaver 02 (x32)
DolbyFiles (x32 Version: 2.0)
dradio-Recorder Version 3.02.2 (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
Free Audio CD Burner version 1.3 (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Free YouTube to MP3 Converter version 3.5 (x32)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Hotkey Utility (x32 Version: 1.00.3004)
Identity Card (x32 Version: 1.00.3002)
ImagXpress (x32 Version: 7.0.74.0)
Intel® Matrix Storage Manager
IrfanView (remove only) (x32)
iTunes (Version: 10.0.0.68)
Java(TM) 6 Update 15 (x32 Version: 6.0.150)
JDownloader (x32 Version: 0.89)
JMicron JMB36X Driver (x32 Version: 1.00.0000)
Junk Mail filter update (x32 Version: 14.0.8089.726)
kuler (x32 Version: 2.0)
Logitech Vid HD (x32 Version: 7.2 (7230))
Logitech Webcam Software (Version: 12.00.1280)
Logitech Webcam Software-Treiberpaket (Version: 12.0.1278)
Malwarebytes Anti-Malware Version 1.62.0.1300 (x32 Version: 1.62.0.1300)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.4 (x32 Version: 2.0.3008.0)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0)
Mozilla Firefox 19.0 (x86 de) (x32 Version: 19.0)
Mozilla Maintenance Service (x32 Version: 19.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 9 Trial (x32)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.4.12.100)
Nero Disc Copy Gadget (x32 Version: 2.4.34.0)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero PhotoSnap (x32 Version: 2.4.28.0)
Nero Recode (x32 Version: 4.4.38.1)
Nero Rescue Agent (x32 Version: 2.4.14.100)
Nero ShowTime (x32 Version: 5.4.21.100)
Nero StartSmart (x32 Version: 9.4.19.100)
Nero Vision (x32 Version: 6.4.16.100)
Nero WaveEditor (x32 Version: 5.4.37.1)
NeroBurningROM (x32 Version: 9.4.26.100)
NeroExpress (x32 Version: 9.4.26.100)
neroxml (x32 Version: 1.0.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon RAW Codec (x32 Version: 1.00.0000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA Drivers (Version: 1.7)
PDF Settings CS4 (x32 Version: 9.0)
phonostar-Player Version 3.01.7 (x32)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Picture Control Utility (x32 Version: 1.1.2)
QuickTime (x32 Version: 7.67.75.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5874)
SmartCopy (x32)
SmartLauncher (x32)
SoundTrax (x32 Version: 4.4.37.1)
Suite Shared Configuration CS4 (x32 Version: 1.0)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UseNeXT by Tangysoft (x32)
VideoDownloadConverter Internet Explorer Toolbar (x32)
ViewNX (x32 Version: 1.1.1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 1.0.5 (x32 Version: 1.0.5)
Welcome Center (x32 Version: 1.00.3008)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3146.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
YTD Video Downloader 3.9.6 (x32 Version: 3.9.6)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2010-09-15 12:03 - 00002180 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1      activate.adobe.com
127.0.0.1      practivate.adobe.com
127.0.0.1      adobeereg.com
127.0.0.1      hxxp://www.adobeereg.com
127.0.0.1      activate.adobe.com
127.0.0.1      activate-sea.adobe.com
127.0.0.1      activate-sjc0.adobe.com
127.0.0.1      wwis-dubc1-vip60.adobe.com
127.0.0.1      192.150.18.108
127.0.0.1      activate.adobe.com:443
127.0.0.1      3dns-3.adobe.com
127.0.0.1      3dns-2.adobe.com
127.0.0.1      adobeereg.com
127.0.0.1      www.adobeereg.com
127.0.0.1      activate.adobe.com
127.0.0.1      activate-sea.adobe.com
127.0.0.1      activate-sjc0.adobe.com
127.0.0.1      wwis-dubc1-vip60.adobe.com
127.0.0.1      192.150.18.108
127.0.0.1      adobeereg.com
127.0.0.1      www.adobeereg.com
127.0.0.1      activate.adobe.com
127.0.0.1      activate-sea.adobe.com
127.0.0.1      activate-sjc0.adobe.com
127.0.0.1      wwis-dubc1-vip60.adobe.com
127.0.0.1      192.150.18.108
127.0.0.1      adobe-dns.adobe.com
127.0.0.1      adobe-dns-2.adobe.com

There are 7 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {35919146-8C24-4373-923D-8C8F8E3DE3AA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] ()
Task: {8B4BC667-277B-4527-948C-F259CF0A694A} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {A7245A6A-E61A-4397-BDC7-FD20028FB644} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B39BE0B3-1183-486E-8813-F6675AECF6F3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B5EB542B-744A-4920-8B0B-5E7F979FB64F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23] (Google Inc.)
Task: {CDF5EA1D-46EF-4D7B-ACEA-6A5FFA9E20D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23] (Google Inc.)
Task: {D9590F43-DD52-425E-BAA6-EF5DB67C82C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 17:42 - 2013-09-14 17:42 - 00292424 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll
2013-09-14 17:42 - 2013-09-14 17:42 - 00442952 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\HPG64.DLL
2009-08-14 11:55 - 2009-08-14 11:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-17 13:17 - 2009-12-17 13:17 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-03 18:10 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-03-01 18:39 - 2009-08-13 12:54 - 02013184 _____ () D:\Programme\phonostar-Player\QtCore4.dll
2010-03-01 18:39 - 2009-06-20 07:51 - 07464448 _____ () D:\Programme\phonostar-Player\QtGui4.dll
2010-03-01 18:39 - 2009-06-20 07:51 - 00179712 _____ () D:\Programme\phonostar-Player\QtSql4.dll
2010-03-01 18:39 - 2009-06-20 08:55 - 00344576 _____ () D:\Programme\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
2011-09-18 11:40 - 2011-06-15 14:07 - 02293248 _____ () C:\Program Files (x86)\dradio-Recorder\QtCore4.dll
2011-09-18 11:40 - 2011-03-30 08:16 - 08173568 _____ () C:\Program Files (x86)\dradio-Recorder\QtGui4.dll
2011-09-18 11:40 - 2011-03-30 07:59 - 00191488 _____ () C:\Program Files (x86)\dradio-Recorder\QtSql4.dll
2011-09-18 11:40 - 2011-03-30 11:46 - 00416256 _____ () C:\Program Files (x86)\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll
2009-08-18 09:31 - 2009-08-18 09:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-08 18:03 - 2013-04-08 18:03 - 03067288 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2013 00:06:49 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "N:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/30/2013 00:03:01 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7ac

Startzeit: 01cebdc361641530

Endzeit: 16942

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 6743b1af-29b7-11e3-a60c-00016c6fa9f5

Error: (09/30/2013 11:57:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/29/2013 06:17:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: kmddsp.tsp, Version: 6.1.7600.16385, Zeitstempel: 0x523f154e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000003c1f
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (09/29/2013 01:17:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (09/29/2013 01:17:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (09/29/2013 01:17:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2013 01:17:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (09/29/2013 01:17:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (09/29/2013 01:17:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/02/2013 10:06:11 AM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (10/02/2013 10:06:03 AM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (10/02/2013 10:06:03 AM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (10/02/2013 10:06:01 AM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (10/02/2013 09:25:30 AM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (10/02/2013 09:25:24 AM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (10/02/2013 09:25:23 AM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (10/02/2013 09:25:21 AM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (10/01/2013 06:37:10 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (10/01/2013 06:37:02 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE


Microsoft Office Sessions:
=========================
Error: (06/22/2013 07:08:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:37:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:36:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:34:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:33:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2385 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:53:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:51:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:51:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3373 seconds with 3180 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8183.08 MB
Available physical RAM: 6351.1 MB
Total Pagefile: 16364.35 MB
Available Pagefile: 14341.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:97.65 GB) (Free:24.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:97.65 GB) (Free:94.42 GB) NTFS
Drive e: (STORE) (Fixed) (Total:97.65 GB) (Free:83.94 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:623.45 GB) (Free:620.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA9780B0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=819 GB) - (Type=05)

==================== End Of Log ============================

Gmer.txt

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-02 10:39:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44 931,51GB
Running: 9h2u4ps3.exe; Driver: C:\Users\dhushan\AppData\Local\Temp\ugldypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075041465 2 bytes [04, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000750414bb 2 bytes [04, 75]
.text  ...                                                                                                                                            * 2
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075041465 2 bytes [04, 75]
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000750414bb 2 bytes [04, 75]
.text  ...                                                                                                                                            * 2
.text  C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075041465 2 bytes [04, 75]
.text  C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000750414bb 2 bytes [04, 75]
.text  ...                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\services.exe [592:3432]                                                                                                    00000000001a1c68

---- EOF - GMER 2.1 ----

aharonov 02.10.2013 10:09
Hi,

ja du hast dir den unschönen ZeroAccess eingefangen..

Aber ich hab bei der ersten schnelle Durchsicht der Logs gesehen, dass du unsaubere Software nutzt (Adobe CS). Das unterstützen wir nicht: http://www.trojaner-board.de/95394-c...-software.html

Wenn ich dir helfen soll, dann deinstalliere und entferne jetzt zuerst restlos alle illegale Software (Cracks, Keygens, etc.). Sobald alles weg ist, können wir loslegen. Sollte ich im weiteren Verlauf aber trotz dieser Warnung nochmals sowas sehen, ist Schluss.

Gib mir Bescheid, sobald alles weg ist und es hier weiter geht.

aileron 02.10.2013 10:36
Habe den Rechner vor einem Jahr vom Kollegen übernommen. Daß Adobe CS installiert ist, wußte ich nicht, interessiert mich auch nicht. Habe es deinstalliert und hosts auch gereinigt. Wenn mir nichts entgangen ist, müßte der Rechner jetzt komplett sauber sein.

Kann es jetzt weitergehen?

aharonov 02.10.2013 10:40
Ok.


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Logs von FRST

aileron 02.10.2013 11:23
AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.006 - Bericht erstellt am 02/10/2013 um 11:48:56
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : dhushan - ZULU
# Gestartet von : C:\Users\dhushan\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : VideoDownloadConverter_4zService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\dhushan\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\dhushan\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\dhushan\AppData\LocalLow\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\dhushan\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16446


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13403 octets] - [02/10/2013 11:47:33]
AdwCleaner[S0].txt - [12947 octets] - [02/10/2013 11:48:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13008 octets] ##########
--- --- ---


2.

Combofix:

Hier gab es ein Problem. Der Rechner wurde von Combofix neu gestartet. Combofix hat weiter gearbeitet, aber sonderbarerweise zum Schluß keine Log-Datei generiert.

3.

Frst.txt:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by dhushan (administrator) on ZULU on 02-10-2013 12:11:41
Running from C:\Users\dhushan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() D:\Programme\phonostar-Player\phonostarTimer.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(FileHippo.com) D:\Programme\FileHippo.com\UpdateChecker.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-13] (Google Inc.)
HKCU\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe [39936 2010-04-01] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [40960 2011-06-20] ()
HKCU\...\Run: [FileHippo.com] - D:\Programme\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
MountPoints2: {9f30dee6-244a-11df-9fc9-00016c6fa9f5} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 11:55 - 2013-10-02 12:07 - 00000000 ___SD C:\32788R22FWJFW
2013-10-02 11:55 - 2013-10-02 12:01 - 00000000 ____D C:\Qoobox
2013-10-02 11:55 - 2013-10-02 11:58 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:47 - 2013-10-02 11:48 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:23 - 2013-10-02 12:09 - 00015585 _____ C:\Windows\WindowsUpdate.log
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:12 - 2013-10-02 10:12 - 01953880 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-10-02 12:10 - 00002960 _____ C:\Windows\PFRO.log
2013-09-30 11:56 - 2013-10-02 12:10 - 00000560 _____ C:\Windows\setupact.log
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 12:22 - 2013-09-16 18:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”

==================== One Month Modified Files and Folders =======

2013-10-02 12:10 - 2013-09-30 11:56 - 00002960 _____ C:\Windows\PFRO.log
2013-10-02 12:10 - 2013-09-30 11:56 - 00000560 _____ C:\Windows\setupact.log
2013-10-02 12:10 - 2010-03-02 19:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 12:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 12:09 - 2013-10-02 11:23 - 00015585 _____ C:\Windows\WindowsUpdate.log
2013-10-02 12:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 12:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 12:07 - 2013-10-02 11:55 - 00000000 ___SD C:\32788R22FWJFW
2013-10-02 12:01 - 2013-10-02 11:55 - 00000000 ____D C:\Qoobox
2013-10-02 11:58 - 2013-10-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 11:54 - 2010-03-02 19:22 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:49 - 2013-02-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 11:48 - 2013-10-02 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:45 - 2013-02-03 14:54 - 00000000 ____D C:\Users\dhushan\AppData\Local\Mozilla
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:42 - 2013-02-25 11:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 11:27 - 2009-10-13 00:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-02 11:26 - 2010-09-15 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-02 11:26 - 2010-02-14 14:33 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Adobe
2013-10-02 11:26 - 2009-10-13 00:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:12 - 2013-10-02 10:12 - 01953880 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:11 - 2010-02-14 14:24 - 00000000 ____D C:\Users\dhushan
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:33 - 2010-02-26 13:41 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\UseNeXT
2013-10-02 09:30 - 2010-07-19 10:49 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 19:03 - 2010-11-05 17:46 - 00000000 ____D C:\Users\dhushan\Documents\UseNeXT
2013-10-01 18:49 - 2009-12-16 12:40 - 00643628 _____ C:\Windows\system32\perfh007.dat
2013-10-01 18:49 - 2009-12-16 12:40 - 00126188 _____ C:\Windows\system32\perfc007.dat
2013-10-01 18:49 - 2009-07-14 07:13 - 01471828 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 14:52 - 2010-11-21 16:32 - 00000236 _____ C:\Users\dhushan\AppData\Roaming\default.rss
2013-09-30 14:52 - 2010-06-24 13:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-09-30 14:28 - 2010-02-26 16:06 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\vlc
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:42 - 2013-02-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 14:42 - 2013-02-25 11:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 14:42 - 2011-08-29 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 18:22 - 2013-09-16 12:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”
2013-09-04 13:40 - 2013-05-06 13:22 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}

ZeroAccess:
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\@

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


Some content of TEMP:
====================
C:\Users\dhushan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 15:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



4.

Addition.txt:

Code:
Welcome Center (x32 Version: 1.00.3008)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3146.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
YTD Video Downloader 3.9.6 (x32 Version: 3.9.6)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-10-02 11:29 - 00000851 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {35919146-8C24-4373-923D-8C8F8E3DE3AA} - \Scheduled Update for Ask Toolbar No Task File
Task: {8B4BC667-277B-4527-948C-F259CF0A694A} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {A7245A6A-E61A-4397-BDC7-FD20028FB644} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B39BE0B3-1183-486E-8813-F6675AECF6F3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B5EB542B-744A-4920-8B0B-5E7F979FB64F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23] (Google Inc.)
Task: {CDF5EA1D-46EF-4D7B-ACEA-6A5FFA9E20D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23] (Google Inc.)
Task: {D9590F43-DD52-425E-BAA6-EF5DB67C82C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-14 11:55 - 2009-08-14 11:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-17 13:17 - 2009-12-17 13:17 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-03 18:10 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-03-01 18:39 - 2009-08-13 12:54 - 02013184 _____ () D:\Programme\phonostar-Player\QtCore4.dll
2010-03-01 18:39 - 2009-06-20 07:51 - 07464448 _____ () D:\Programme\phonostar-Player\QtGui4.dll
2010-03-01 18:39 - 2009-06-20 07:51 - 00179712 _____ () D:\Programme\phonostar-Player\QtSql4.dll
2010-03-01 18:39 - 2009-06-20 08:55 - 00344576 _____ () D:\Programme\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
2011-09-18 11:40 - 2011-06-15 14:07 - 02293248 _____ () C:\Program Files (x86)\dradio-Recorder\QtCore4.dll
2011-09-18 11:40 - 2011-03-30 08:16 - 08173568 _____ () C:\Program Files (x86)\dradio-Recorder\QtGui4.dll
2011-09-18 11:40 - 2011-03-30 07:59 - 00191488 _____ () C:\Program Files (x86)\dradio-Recorder\QtSql4.dll
2011-09-18 11:40 - 2011-03-30 11:46 - 00416256 _____ () C:\Program Files (x86)\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2013 11:56:12 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/02/2013 11:45:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/02/2013 11:45:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/02/2013 11:45:08 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/02/2013 11:26:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/30/2013 00:06:49 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "N:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/30/2013 00:03:01 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7ac

Startzeit: 01cebdc361641530

Endzeit: 16942

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 6743b1af-29b7-11e3-a60c-00016c6fa9f5

Error: (09/30/2013 11:57:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/29/2013 06:17:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: kmddsp.tsp, Version: 6.1.7600.16385, Zeitstempel: 0x523f154e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000003c1f
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (09/29/2013 01:17:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000


System errors:
=============
Error: (10/02/2013 00:10:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 00:10:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 00:10:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (10/02/2013 00:03:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 00:02:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 00:02:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (10/02/2013 00:01:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147467243

Error: (10/02/2013 11:59:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 11:58:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (10/02/2013 11:58:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (06/22/2013 07:08:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:37:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:36:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:34:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 11:33:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2385 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:53:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:51:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 10:51:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3373 seconds with 3180 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 8183.08 MB
Available physical RAM: 6496.93 MB
Total Pagefile: 16364.35 MB
Available Pagefile: 14524.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:97.65 GB) (Free:24.81 GB) NTFS
Drive d: (DATA) (Fixed) (Total:97.65 GB) (Free:95.41 GB) NTFS
Drive e: (STORE) (Fixed) (Total:97.65 GB) (Free:83.94 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:623.45 GB) (Free:620.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA9780B0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=819 GB) - (Type=05)

==================== End Of Log ============================

Kleiner Statusbericht: Avira meldet keinen Virenbefall mehr beim Start

Frage: Muss Combofix erneut ausgeführt werden?

aharonov 02.10.2013 11:31
Ja führe bitte Combofix noch einmal aus und schau, ob dieses Mal ein Log erstellt wird.

aileron 02.10.2013 12:06
Die Log-Datei ist nun da.

CoboFix.txt:

Code:
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\ism_0_llatsni.pad
c:\users\dhushan\AppData\Roaming\Chrome.exe
c:\users\dhushan\AppData\Roaming\dhushanlog.dat
c:\users\dhushan\AppData\Roaming\Log
c:\users\dhushan\AppData\Roaming\WinUpd65432.exe
c:\users\dhushan\Documents\Windows\miner.dll
c:\users\dhushan\Documents\Windows\phatk.cl
c:\users\dhushan\Documents\Windows\phatk.ptx
c:\users\dhushan\Documents\Windows\tmp.txt
c:\users\dhushan\Documents\Windows\usft_ext.dll
c:\windows\Install
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\@
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000001.@
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000002.@
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\80000000.@
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\80000001.@
c:\windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\800000cb.@
c:\windows\wininit.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-02 bis 2013-10-02  ))))))))))))))))))))))))))))))
.
.
2013-10-02 10:53 . 2013-10-02 10:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-02 10:30 . 2013-10-02 10:30        --------        d-----w-        c:\users\dhushan\AppData\Local\Programs
2013-10-02 10:28 . 2013-10-02 10:28        --------        d-----w-        c:\users\dhushan\AppData\Local\Macromedia
2013-10-02 10:23 . 2013-09-15 22:50        9694160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7086FCD-52E0-4BFC-8B63-1E256330804D}\mpengine.dll
2013-10-02 10:05 . 2013-10-02 10:16        --------        d-----w-        c:\windows\Logs
2013-10-02 09:47 . 2013-10-02 09:48        --------        d-----w-        C:\AdwCleaner
2013-10-02 08:13 . 2013-10-02 08:13        --------        d-----w-        C:\FRST
2013-09-14 15:43 . 2013-09-14 15:43        --------        d-----w-        c:\program files (x86)\Video Download Converter
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-02 10:26 . 2013-02-25 09:20        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-02 10:26 . 2011-08-29 09:32        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-04 11:40 . 2013-05-06 11:22        81112        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-09-04 11:40 . 2013-03-30 13:17        132088        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-09-04 11:40 . 2013-03-30 13:17        105344        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-08-07 02:22 . 2010-02-24 20:04        278800        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-12 39408]
"phonostarTimer"="d:\programme\phonostar-Player\phonostarTimer.exe" [2010-04-01 39936]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2011-06-20 40960]
"FileHippo.com"="d:\programme\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"GrooveMonitor"="d:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2009-12-17 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2009-12-17 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 22:20]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7810&r=17360210qn06973154u15yh9l3cl3q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\dhushan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-VideoDownloadConverter Home Page Guard 64 bit - c:\progra~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
  9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
  d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
  27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
  2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"=hex:51,66,7a,6c,4c,1d,38,12,d8,cf,e9,
  98,0d,61,19,04,eb,fc,4e,6b,77,8d,c0,d5
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
  ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
  93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4b,a4,b7,3f,93,48,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,21,4d,18,bf,72,6a,49,9c,2a,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,21,4d,18,bf,72,6a,49,9c,2a,19,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-02  13:00:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-02 11:00
.
Vor Suchlauf: 12 Verzeichnis(se), 24.442.474.496 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 24.316.456.960 Bytes frei
.
- - End Of File - - 026838272D740EC93F35FE0D1FB9E757
A36C5E4F47E84449FF07ED3517B43A31

aharonov 02.10.2013 12:20
Ja da war schon einiges drauf..
Bevor wir weitermachen, bitte ein frisches FRST-Log:


Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

aileron 04.10.2013 09:11
FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by dhushan (administrator) on ZULU on 04-10-2013 10:05:58
Running from C:\Users\dhushan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() D:\Programme\phonostar-Player\phonostarTimer.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(FileHippo.com) D:\Programme\FileHippo.com\UpdateChecker.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-13] (Google Inc.)
HKCU\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe [39936 2010-04-01] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [40960 2011-06-20] ()
HKCU\...\Run: [FileHippo.com] - D:\Programme\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 10:04 - 2013-10-04 10:05 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-04 09:12 - 2013-10-04 09:12 - 99176917 _____ C:\Windows\SysWOW64\ﶖ轜
2013-10-02 19:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-02 19:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-02 16:10 - 2013-10-02 16:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:58 - 2013-10-02 16:05 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 15:54 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-02 15:54 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-10-02 12:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-02 12:26 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-02 12:26 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-02 12:26 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-10-02 12:26 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-10-02 12:26 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-10-02 12:26 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-10-02 12:26 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-10-02 12:26 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-10-02 12:26 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-02 12:25 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-02 12:25 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-02 12:25 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-02 12:25 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-10-02 12:25 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-02 12:25 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-10-02 12:25 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-02 12:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-10-02 12:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-10-02 12:25 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-10-02 12:25 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-10-02 12:25 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-02 12:25 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-10-02 12:25 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-02 12:25 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-10-02 12:25 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-10-02 12:25 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-10-02 12:25 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-10-02 12:25 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-10-02 12:25 - 2012-06-02 07:50 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-02 12:25 - 2012-06-02 07:48 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-10-02 12:25 - 2012-06-02 07:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-10-02 12:25 - 2012-06-02 07:45 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-10-02 12:25 - 2012-06-02 06:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-10-02 12:25 - 2012-06-02 06:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-10-02 12:25 - 2012-06-02 06:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-10-02 12:25 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-10-02 12:25 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-10-02 12:24 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-02 12:24 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-02 12:24 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-02 12:24 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-10-02 12:24 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-10-02 12:24 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-10-02 12:24 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-10-02 12:24 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-10-02 12:24 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-10-02 12:24 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-10-02 12:23 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-02 12:23 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-10-02 12:23 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-10-02 12:23 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-02 12:23 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-10-02 12:23 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-02 12:23 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-10-02 12:23 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-10-02 12:23 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-10-02 12:23 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-10-02 12:23 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-10-02 12:23 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-02 11:55 - 2013-10-02 13:00 - 00000000 ____D C:\Qoobox
2013-10-02 11:55 - 2013-10-02 12:59 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:47 - 2013-10-02 11:48 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:23 - 2013-10-04 09:16 - 01377734 _____ C:\Windows\WindowsUpdate.log
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-10-04 09:11 - 00005404 _____ C:\Windows\PFRO.log
2013-09-30 11:56 - 2013-10-04 09:11 - 00000896 _____ C:\Windows\setupact.log
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 12:22 - 2013-09-16 18:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”

==================== One Month Modified Files and Folders =======

2013-10-04 10:05 - 2013-10-04 10:04 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-04 09:58 - 2013-10-02 11:23 - 01377734 _____ C:\Windows\WindowsUpdate.log
2013-10-04 09:58 - 2010-03-02 19:22 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 09:19 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 09:19 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 09:17 - 2010-02-26 16:06 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\vlc
2013-10-04 09:16 - 2009-12-16 12:40 - 00643628 _____ C:\Windows\system32\perfh007.dat
2013-10-04 09:16 - 2009-12-16 12:40 - 00126188 _____ C:\Windows\system32\perfc007.dat
2013-10-04 09:16 - 2009-07-14 07:13 - 01471828 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 09:12 - 2013-10-04 09:12 - 99176917 _____ C:\Windows\SysWOW64\ﶖ轜
2013-10-04 09:11 - 2013-09-30 11:56 - 00005404 _____ C:\Windows\PFRO.log
2013-10-04 09:11 - 2013-09-30 11:56 - 00000896 _____ C:\Windows\setupact.log
2013-10-04 09:11 - 2010-03-02 19:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 09:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 17:47 - 2010-11-21 16:32 - 00000212 _____ C:\Users\dhushan\AppData\Roaming\default.rss
2013-10-03 17:47 - 2010-06-24 13:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-03 17:44 - 2010-02-26 13:41 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\UseNeXT
2013-10-02 19:24 - 2010-02-14 14:25 - 00001425 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-02 19:24 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-02 19:24 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-02 19:22 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 19:22 - 2009-07-14 06:45 - 03028512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-02 19:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-02 19:19 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-02 16:11 - 2013-10-02 16:10 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:11 - 2009-10-13 00:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 16:05 - 2013-10-02 15:58 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 15:50 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 13:00 - 2013-10-02 11:55 - 00000000 ____D C:\Qoobox
2013-10-02 13:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-02 12:59 - 2013-10-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-10-02 12:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 12:53 - 2013-01-29 17:31 - 00000000 ____D C:\Users\dhushan\Documents\Windows
2013-10-02 12:31 - 2012-06-13 10:24 - 00000740 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2009-10-13 00:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:28 - 2010-02-25 00:59 - 00000000 ____D C:\Users\dhushan\AppData\Local\Adobe
2013-10-02 12:26 - 2013-02-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 12:26 - 2011-08-29 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:49 - 2013-02-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 11:48 - 2013-10-02 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:45 - 2013-02-03 14:54 - 00000000 ____D C:\Users\dhushan\AppData\Local\Mozilla
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:26 - 2010-09-15 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-02 11:26 - 2010-02-14 14:33 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Adobe
2013-10-02 11:26 - 2009-10-13 00:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:11 - 2010-02-14 14:24 - 00000000 ____D C:\Users\dhushan
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:30 - 2010-07-19 10:49 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 19:03 - 2010-11-05 17:46 - 00000000 ____D C:\Users\dhushan\Documents\UseNeXT
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 18:22 - 2013-09-16 12:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I
2013-09-06 10:40 - 2013-09-06 10:40 - 96304236 _____ C:\Windows\SysWOW64\Ẋ電轜”
2013-09-04 13:40 - 2013-05-06 13:22 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 13:40 - 2013-03-30 15:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\@

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 15:09

==================== End Of Log ============================
--- --- ---

--- --- ---

aharonov 04.10.2013 11:12
Ok, wie läuft der Rechner jetzt?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von MBAM
  • Log von ESET
  • Logs von FRST

aileron 04.10.2013 11:48
FRST.log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by dhushan at 2013-10-04 12:40:02 Run:1
Running from C:\Users\dhushan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}
*****************

C:\Users\dhushan\AppData\Local\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728} => Moved successfully.

==== End of Fixlog ====

Malewarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
dhushan :: ZULU [Administrator]

04.10.2013 12:15:23
MBAM-log-2013-10-04 (12-23-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209155
Laufzeit: 7 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> 1876 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 6
C:\Program Files (x86)\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 9
C:\Program Files (x86)\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\clamunpack (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 74
C:\Users\dhushan\AppData\Local\Temp\is1070216317\1441739_stp\wajam_validate.exe (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Local\Temp\is1070216317\1441962_stp\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\loading_withWhiteBG.avi (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.config (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\AppResource.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\asp.ico (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\AspManager.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\categories.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Chinese_asp_ZH-CN.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Communication.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\danish_asp_DA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\dutch_asp_NL.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\eng_asp_en.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Finnish_asp_FI.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\french_asp_FR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\german_asp_DE.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Interop.IWshRuntimeLibrary.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\italian_asp_IT.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\japanese_asp_JA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\norwegian_asp_NO.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\portuguese_asp_PT-BR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\russian_asp_ru.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\scandll.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\spanish_asp_ES.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\swedish_asp_SV.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\System.Core.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\unins000.dat (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\unins000.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\unins000.msg (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\unrar.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.Formats.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\clamunpack\libclamav.dll (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\clamunpack\readme.txt (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.lnk (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1524mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1525update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1526update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1527update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1528update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1529update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\1530update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.
C:\Users\dhushan\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Keine Aktion durchgeführt.

(Ende)

3. ESET ist am Laufen, aber es gibt ein neues Problem.

Seit gestern Abend erscheint bei jedem Start ein Pop-Up, das mich in radebrechendem Deutsch darauf hinweist, daß ein kostenloses PC Backup auf meinem Rechner durchgeführt werden kann und mich zu einem Klicken des OK-Buttons zum Durchführen dieser Aktion nötigen möchte.

aharonov 04.10.2013 11:50
Ok, brich ESET ab, mach zuerst den neuen FRST-Scan von Schritt 4 und poste diese Logs.

aileron 07.10.2013 09:39
Hatte das mit Eset abbrechen leider nicht mehr realisiert, deshalb auch noch das Eset-Log.


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=465d36ee8db2e542a4a2f7c06edca978
# engine=15353
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-04 04:54:41
# local_time=2013-10-04 06:54:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 34935 246325371 27722 0
# compatibility_mode=5893 16776573 100 94 26989 132535531 0 0
# scanned=228831
# found=11
# cleaned=0
# scan_time=21646
sh=FD5BADD198061381B1DFB1A740E68480F3816138 ft=1 fh=396a26b902efb086 vn="Win64/Conedex.J trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000001.@.vir"
sh=31560009D8B91231C86733FB83C9D7A52207A437 ft=1 fh=5ef19a7eae9da3f2 vn="Win64/Conedex.K trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{b522f2dd-e2eb-b5e4-d4b7-50bbc394d728}\U\00000002.@.vir"
sh=BBE3D96AD00A79CC9D1A1D185B2AD900B81E877D ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.BI trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\21b69119-35379519"
sh=048771939C10A5E3504D7C62F6C4F6CED8B4F31D ft=1 fh=4bf8bf28f64dd533 vn="a variant of Win32/Injector.ABYO trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5020c369-3d40c776"
sh=8DC207E6E6F9EF709DBB792F34FB18478B3529DC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5020c369-7171587a"
sh=2D97D95915F8FC7BFEA90A63651F70ECCE41B6B8 ft=1 fh=847267a99ff6261a vn="Win32/LockScreen.AHO trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\66a6cbe9-4e1bc317"
sh=5F6ECB83BEEB4B194E727A0C8532C9E35DA3AEF3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.CD trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\28743c6f-1c67641a"
sh=35E7A12BA1DA3A1E070A8CBDABD763903B8B874B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7a69dcf0-5d165eeb"
sh=E68A06E8A95103F5F6B858AA2E26FE6FEAF7D224 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.CD trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\74d31ab3-62314b4e"
sh=0CAEA40E89B28A4FBABD65D3E5DEA7D1D8B3C575 ft=0 fh=0000000000000000 vn="Java/Agent.DH trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3b8bc0f6-63132d25"
sh=19BC442BF50EB33EF7780A6F1F01A8B2AADA8EFE ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DT trojan" ac=I fn="C:\Users\dhushan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-237c01b3"

FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by dhushan (administrator) on ZULU on 07-10-2013 10:33:19
Running from C:\Users\dhushan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() D:\Programme\phonostar-Player\phonostarTimer.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(FileHippo.com) D:\Programme\FileHippo.com\UpdateChecker.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-13] (Google Inc.)
HKCU\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe [39936 2010-04-01] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [40960 2011-06-20] ()
HKCU\...\Run: [FileHippo.com] - D:\Programme\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7_64\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7_64\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - D:\Programme\Java\jre7_64\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - D:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 10:02 - 2013-10-07 10:02 - 99582406 _____ C:\Windows\SysWOW64\뛙燪轜ƒ
2013-10-04 12:51 - 2013-10-04 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 12:25 - 2013-10-04 12:25 - 00000000 ____D C:\Users\dhushan\AppData\Local\Systweak
2013-10-04 12:00 - 2013-10-04 12:25 - 00000000 ____D C:\ProgramData\Systweak
2013-10-04 12:00 - 2013-10-04 12:13 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-04 12:00 - 2013-10-04 12:00 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-04 12:00 - 2013-10-04 12:00 - 00001091 _____ C:\Users\dhushan\Desktop\MyPC Backup.lnk
2013-10-04 12:00 - 2013-10-04 12:00 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-04 12:00 - 2013-10-04 12:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-04 12:00 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-04 11:59 - 2013-10-04 12:25 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Systweak
2013-10-04 11:59 - 2013-07-22 16:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-10-04 11:32 - 2013-10-04 11:32 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-04 11:13 - 2013-10-04 11:13 - 00000020 _____ C:\Windows\xøˆ
2013-10-04 11:02 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-04 11:02 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-04 11:02 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-04 11:02 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 11:01 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-10-04 11:01 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-10-04 11:01 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-10-04 11:01 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-10-04 11:01 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-10-04 11:01 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-04 11:01 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-04 11:01 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-10-04 11:01 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-10-04 11:01 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-10-04 11:01 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-10-04 11:01 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-10-04 11:01 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-10-04 11:01 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-10-04 11:01 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-10-04 11:01 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-10-04 11:01 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-10-04 11:01 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-10-04 11:01 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-10-04 11:01 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-10-04 11:01 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-10-04 11:01 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-10-04 11:01 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-10-04 11:01 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-10-04 11:00 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-10-04 11:00 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-10-04 11:00 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-10-04 11:00 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-10-04 10:59 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-10-04 10:59 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-10-04 10:59 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-10-04 10:59 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-10-04 10:59 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-10-04 10:59 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-10-04 10:59 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-10-04 10:59 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-10-04 10:59 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-10-04 10:59 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-10-04 10:59 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-10-04 10:59 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-10-04 10:59 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-10-04 10:59 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-10-04 10:59 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-10-04 10:59 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-10-04 10:59 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-10-04 10:59 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-10-04 10:59 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-10-04 10:58 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-04 10:58 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-10-04 10:58 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-10-04 10:58 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-10-04 10:58 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-10-04 10:58 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-10-04 10:58 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-10-04 10:58 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-10-04 10:58 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-10-04 10:58 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-10-04 10:58 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-10-04 10:58 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-10-04 10:58 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-04 10:58 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-10-04 10:58 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-10-04 10:58 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-10-04 10:58 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-10-04 10:58 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-10-04 10:58 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-10-04 10:58 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-10-04 10:58 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-10-04 10:58 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-10-04 10:58 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-10-04 10:58 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-10-04 10:58 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-10-04 10:58 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-10-04 10:58 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-10-04 10:58 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-10-04 10:58 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-10-04 10:58 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-10-04 10:58 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-10-04 10:58 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-10-04 10:58 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-10-04 10:58 - 2011-04-23 00:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-10-04 10:58 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-10-04 10:58 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-10-04 10:58 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-10-04 10:58 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-10-04 10:58 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-04 10:57 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-04 10:57 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-04 10:57 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-10-04 10:57 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-10-04 10:57 - 2011-03-25 05:29 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-04 10:57 - 2011-03-25 05:28 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-04 10:57 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-10-04 10:57 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-10-04 10:56 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-10-04 10:55 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-10-04 10:55 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-10-04 10:51 - 2013-10-04 10:51 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-04 10:04 - 2013-10-04 10:05 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 19:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-02 19:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-02 16:10 - 2013-10-02 16:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:58 - 2013-10-02 16:05 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 15:54 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-02 15:54 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-10-02 12:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-02 12:26 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-02 12:26 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-02 12:26 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-02 12:25 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-02 12:25 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-02 12:25 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-02 12:25 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-10-02 12:25 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-02 12:25 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-10-02 12:25 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-02 12:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-10-02 12:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-10-02 12:25 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-10-02 12:25 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-10-02 12:25 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-02 12:25 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-10-02 12:25 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-02 12:25 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-10-02 12:25 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-10-02 12:25 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-10-02 12:25 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-10-02 12:25 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-10-02 12:25 - 2012-06-02 07:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-10-02 12:25 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-10-02 12:25 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-10-02 12:24 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-02 12:24 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-02 12:24 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-02 12:24 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-10-02 12:24 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-10-02 12:24 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-10-02 12:24 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-10-02 12:24 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-10-02 12:24 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-10-02 12:24 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-10-02 12:23 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-02 12:23 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-10-02 12:23 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-10-02 12:23 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-02 12:23 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-10-02 12:23 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-02 12:23 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-10-02 12:23 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-10-02 12:23 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-10-02 12:23 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-10-02 12:23 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-10-02 12:23 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-02 11:55 - 2013-10-02 13:00 - 00000000 ____D C:\Qoobox
2013-10-02 11:55 - 2013-10-02 12:59 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:47 - 2013-10-02 11:48 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:23 - 2013-10-06 19:08 - 01974251 _____ C:\Windows\WindowsUpdate.log
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-10-07 10:01 - 00031106 _____ C:\Windows\PFRO.log
2013-09-30 11:56 - 2013-10-07 10:01 - 00001568 _____ C:\Windows\setupact.log
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 12:22 - 2013-09-16 18:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I

==================== One Month Modified Files and Folders =======

2013-10-07 10:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 10:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 10:06 - 2013-10-02 11:23 - 01974251 _____ C:\Windows\WindowsUpdate.log
2013-10-07 10:06 - 2009-12-16 12:40 - 00643628 _____ C:\Windows\system32\perfh007.dat
2013-10-07 10:06 - 2009-12-16 12:40 - 00126188 _____ C:\Windows\system32\perfc007.dat
2013-10-07 10:06 - 2009-07-14 07:13 - 01471828 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 10:02 - 2013-10-07 10:02 - 99582406 _____ C:\Windows\SysWOW64\뛙燪轜ƒ
2013-10-07 10:01 - 2013-09-30 11:56 - 00031106 _____ C:\Windows\PFRO.log
2013-10-07 10:01 - 2013-09-30 11:56 - 00001568 _____ C:\Windows\setupact.log
2013-10-07 10:01 - 2010-03-02 19:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 10:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 18:57 - 2010-02-26 13:41 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\UseNeXT
2013-10-06 18:56 - 2010-03-02 19:22 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-05 18:14 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-05 17:27 - 2010-02-14 14:33 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Adobe
2013-10-05 16:55 - 2010-11-21 16:32 - 00000200 _____ C:\Users\dhushan\AppData\Roaming\default.rss
2013-10-05 16:55 - 2010-06-24 13:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-04 12:51 - 2013-10-04 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 12:25 - 2013-10-04 12:25 - 00000000 ____D C:\Users\dhushan\AppData\Local\Systweak
2013-10-04 12:25 - 2013-10-04 12:00 - 00000000 ____D C:\ProgramData\Systweak
2013-10-04 12:25 - 2013-10-04 11:59 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Systweak
2013-10-04 12:13 - 2013-10-04 12:00 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-04 12:00 - 2013-10-04 12:00 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-04 12:00 - 2013-10-04 12:00 - 00001091 _____ C:\Users\dhushan\Desktop\MyPC Backup.lnk
2013-10-04 12:00 - 2013-10-04 12:00 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-04 12:00 - 2013-10-04 12:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-04 12:00 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-04 11:56 - 2013-10-04 11:56 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-10-04 11:32 - 2013-10-04 11:32 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-04 11:13 - 2013-10-04 11:13 - 00000020 _____ C:\Windows\xøˆ
2013-10-04 11:13 - 2009-12-17 13:24 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-10-04 11:08 - 2010-02-14 14:24 - 00111288 _____ C:\Users\dhushan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-04 11:06 - 2009-07-14 06:45 - 03028512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-04 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-04 11:02 - 2009-10-13 00:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-04 10:51 - 2013-10-04 10:51 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-04 10:51 - 2009-10-13 00:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-04 10:51 - 2009-10-13 00:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-04 10:50 - 2010-02-25 00:59 - 00000000 ____D C:\Users\dhushan\AppData\Local\Adobe
2013-10-04 10:05 - 2013-10-04 10:04 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-04 09:17 - 2010-02-26 16:06 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\vlc
2013-10-02 19:24 - 2010-02-14 14:25 - 00001425 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-02 19:24 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-02 19:22 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-02 19:19 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-02 16:11 - 2013-10-02 16:10 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:05 - 2013-10-02 15:58 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 15:50 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 13:00 - 2013-10-02 11:55 - 00000000 ____D C:\Qoobox
2013-10-02 13:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-02 12:59 - 2013-10-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-10-02 12:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 12:53 - 2013-01-29 17:31 - 00000000 ____D C:\Users\dhushan\Documents\Windows
2013-10-02 12:31 - 2012-06-13 10:24 - 00000740 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:26 - 2013-02-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 12:26 - 2011-08-29 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:49 - 2013-02-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 11:48 - 2013-10-02 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:45 - 2013-02-03 14:54 - 00000000 ____D C:\Users\dhushan\AppData\Local\Mozilla
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\Desktop\Update Checker.lnk
2013-10-02 11:43 - 2013-10-02 11:43 - 00000800 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-02 11:26 - 2010-09-15 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:11 - 2010-02-14 14:24 - 00000000 ____D C:\Users\dhushan
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:30 - 2010-07-19 10:49 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 19:03 - 2010-11-05 17:46 - 00000000 ____D C:\Users\dhushan\Documents\UseNeXT
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 18:22 - 2013-09-16 12:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


Some content of TEMP:
====================
C:\Users\dhushan\AppData\Local\Temp\BackupSetup.exe
C:\Users\dhushan\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 15:09

==================== End Of Log ============================
--- --- ---

--- --- ---

aharonov 07.10.2013 09:49
Ok, dann noch die neu hinzugekommene Adware:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

aileron 07.10.2013 10:14
AdwCleaner Logfile:
Code:
# AdwCleaner v3.006 - Bericht erstellt am 07/10/2013 um 11:00:12
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : dhushan - ZULU
# Gestartet von : C:\Users\dhushan\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Users\dhushan\AppData\Local\Systweak
Ordner Gelöscht : C:\Users\dhushan\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\dhushan\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Datei Gelöscht : C:\Users\Public\Desktop\Advanced System Protector.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\dhushan\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13403 octets] - [02/10/2013 11:47:33]
AdwCleaner[R1].txt - [2395 octets] - [07/10/2013 10:59:25]
AdwCleaner[S0].txt - [13137 octets] - [02/10/2013 11:48:56]
AdwCleaner[S1].txt - [1985 octets] - [07/10/2013 11:00:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2045 octets] ##########
--- --- ---

[/CODE]



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by dhushan (administrator) on ZULU on 07-10-2013 11:03:36
Running from C:\Users\dhushan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() D:\Programme\phonostar-Player\phonostarTimer.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-13] (Google Inc.)
HKCU\...\Run: [phonostarTimer] - D:\Programme\phonostar-Player\phonostarTimer.exe [39936 2010-04-01] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [40960 2011-06-20] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7_64\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7_64\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - D:\Programme\Java\jre7_64\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - D:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\dhushan\AppData\Roaming\Mozilla\Firefox\Profiles\m9z85dj0.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 10:51 - 2013-10-07 10:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-04 12:51 - 2013-10-04 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 12:00 - 2013-10-04 12:13 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-04 12:00 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-10-04 11:32 - 2013-10-04 11:32 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-04 11:13 - 2013-10-04 11:13 - 00000020 _____ C:\Windows\xøˆ
2013-10-04 11:02 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-04 11:02 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-04 11:02 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-04 11:02 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 11:01 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-10-04 11:01 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-10-04 11:01 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-10-04 11:01 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-10-04 11:01 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-10-04 11:01 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-04 11:01 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-04 11:01 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-10-04 11:01 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-10-04 11:01 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-10-04 11:01 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-10-04 11:01 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-10-04 11:01 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-10-04 11:01 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-10-04 11:01 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-10-04 11:01 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-10-04 11:01 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-10-04 11:01 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-10-04 11:01 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-10-04 11:01 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-10-04 11:01 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-10-04 11:01 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-10-04 11:01 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-10-04 11:01 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-10-04 11:00 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-10-04 11:00 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-10-04 11:00 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-10-04 11:00 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-10-04 11:00 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-10-04 10:59 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-10-04 10:59 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-10-04 10:59 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-10-04 10:59 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-10-04 10:59 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-10-04 10:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-10-04 10:59 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-10-04 10:59 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-10-04 10:59 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-10-04 10:59 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-10-04 10:59 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-10-04 10:59 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-10-04 10:59 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-10-04 10:59 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-10-04 10:59 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-10-04 10:59 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-10-04 10:59 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-10-04 10:59 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-10-04 10:59 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-10-04 10:59 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-10-04 10:59 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-10-04 10:59 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-10-04 10:59 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-10-04 10:59 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-10-04 10:58 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-04 10:58 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-10-04 10:58 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-10-04 10:58 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-10-04 10:58 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-10-04 10:58 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-10-04 10:58 - 2012-11-30 01:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-10-04 10:58 - 2012-11-22 07:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-10-04 10:58 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-10-04 10:58 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-10-04 10:58 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-10-04 10:58 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-10-04 10:58 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-10-04 10:58 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-10-04 10:58 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-04 10:58 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-10-04 10:58 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-10-04 10:58 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-10-04 10:58 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-10-04 10:58 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-10-04 10:58 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-10-04 10:58 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-10-04 10:58 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-10-04 10:58 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-10-04 10:58 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-10-04 10:58 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-10-04 10:58 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-10-04 10:58 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-10-04 10:58 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-10-04 10:58 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-10-04 10:58 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-10-04 10:58 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-10-04 10:58 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-10-04 10:58 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-10-04 10:58 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-10-04 10:58 - 2011-04-23 00:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-10-04 10:58 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-10-04 10:58 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-10-04 10:58 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-10-04 10:58 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-10-04 10:58 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-10-04 10:58 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-04 10:57 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-04 10:57 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-04 10:57 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-10-04 10:57 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-10-04 10:57 - 2011-03-25 05:29 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-04 10:57 - 2011-03-25 05:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-04 10:57 - 2011-03-25 05:28 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-04 10:57 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-10-04 10:57 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-10-04 10:56 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-10-04 10:55 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-10-04 10:55 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-10-04 10:51 - 2013-10-04 10:51 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-04 10:04 - 2013-10-04 10:05 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-02 19:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-02 19:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-02 16:10 - 2013-10-02 16:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:58 - 2013-10-02 16:05 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 15:54 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-02 15:54 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-02 15:54 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-10-02 12:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-02 12:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-02 12:26 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-02 12:26 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-02 12:26 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-02 12:25 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-02 12:25 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-02 12:25 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-02 12:25 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-02 12:25 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-02 12:25 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-02 12:25 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-02 12:25 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-02 12:25 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-02 12:25 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-02 12:25 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-02 12:25 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-02 12:25 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-02 12:25 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-10-02 12:25 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-02 12:25 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-10-02 12:25 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-02 12:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-10-02 12:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-10-02 12:25 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-10-02 12:25 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-10-02 12:25 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-02 12:25 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-10-02 12:25 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-02 12:25 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-10-02 12:25 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-10-02 12:25 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-10-02 12:25 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-10-02 12:25 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-10-02 12:25 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-10-02 12:25 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-10-02 12:25 - 2012-06-02 07:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-10-02 12:25 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-10-02 12:25 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-10-02 12:24 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-02 12:24 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-02 12:24 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-02 12:24 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-10-02 12:24 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-10-02 12:24 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-10-02 12:24 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-10-02 12:24 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-10-02 12:24 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-10-02 12:24 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-10-02 12:23 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-02 12:23 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-10-02 12:23 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-10-02 12:23 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-10-02 12:23 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-02 12:23 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-10-02 12:23 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-02 12:23 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-10-02 12:23 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-10-02 12:23 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-10-02 12:23 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-10-02 12:23 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-10-02 12:23 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-10-02 12:23 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-02 11:55 - 2013-10-02 13:00 - 00000000 ____D C:\Qoobox
2013-10-02 11:55 - 2013-10-02 12:59 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:47 - 2013-10-07 11:00 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:46 - 2013-10-07 10:58 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:23 - 2013-10-07 11:00 - 01975651 _____ C:\Windows\WindowsUpdate.log
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-10-07 11:01 - 00031396 _____ C:\Windows\PFRO.log
2013-09-30 11:56 - 2013-10-07 11:01 - 00001624 _____ C:\Windows\setupact.log
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 12:22 - 2013-09-16 18:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I

==================== One Month Modified Files and Folders =======

2013-10-07 11:01 - 2013-09-30 11:56 - 00031396 _____ C:\Windows\PFRO.log
2013-10-07 11:01 - 2013-09-30 11:56 - 00001624 _____ C:\Windows\setupact.log
2013-10-07 11:01 - 2010-03-02 19:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 11:01 - 2009-10-13 00:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-07 11:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 11:00 - 2013-10-02 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-07 11:00 - 2013-10-02 11:23 - 01975651 _____ C:\Windows\WindowsUpdate.log
2013-10-07 11:00 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-07 10:58 - 2013-10-02 11:46 - 01045226 _____ C:\Users\dhushan\Desktop\adwcleaner.exe
2013-10-07 10:54 - 2010-03-02 19:22 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 10:51 - 2013-10-07 10:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-07 10:51 - 2009-10-13 00:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-07 10:46 - 2011-01-02 19:06 - 00000000 ____D C:\ProgramData\Screentime
2013-10-07 10:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 10:09 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 10:06 - 2009-12-16 12:40 - 00643628 _____ C:\Windows\system32\perfh007.dat
2013-10-07 10:06 - 2009-12-16 12:40 - 00126188 _____ C:\Windows\system32\perfc007.dat
2013-10-07 10:06 - 2009-07-14 07:13 - 01471828 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-06 18:57 - 2010-02-26 13:41 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\UseNeXT
2013-10-05 18:14 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-05 17:27 - 2010-02-14 14:33 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\Adobe
2013-10-05 16:55 - 2010-11-21 16:32 - 00000200 _____ C:\Users\dhushan\AppData\Roaming\default.rss
2013-10-05 16:55 - 2010-06-24 13:20 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-04 12:51 - 2013-10-04 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 12:13 - 2013-10-04 12:00 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-04 11:56 - 2013-10-04 11:56 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 11:56 - 2013-10-04 11:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-04 11:56 - 2013-10-04 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-10-04 11:32 - 2013-10-04 11:32 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-04 11:32 - 2013-10-04 11:32 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-04 11:32 - 2013-10-04 11:32 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-04 11:13 - 2013-10-04 11:13 - 00000020 _____ C:\Windows\xøˆ
2013-10-04 11:13 - 2009-12-17 13:24 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-10-04 11:08 - 2010-02-14 14:24 - 00111288 _____ C:\Users\dhushan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-04 11:06 - 2009-07-14 06:45 - 03028512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-04 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-04 11:02 - 2009-10-13 00:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-04 10:51 - 2013-10-04 10:51 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-04 10:51 - 2009-10-13 00:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-04 10:50 - 2010-02-25 00:59 - 00000000 ____D C:\Users\dhushan\AppData\Local\Adobe
2013-10-04 10:05 - 2013-10-04 10:04 - 01954124 _____ (Farbar) C:\Users\dhushan\Desktop\FRST64.exe
2013-10-04 09:17 - 2010-02-26 16:06 - 00000000 ____D C:\Users\dhushan\AppData\Roaming\vlc
2013-10-02 19:24 - 2010-02-14 14:25 - 00001425 _____ C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-02 19:24 - 2010-02-14 14:25 - 00000000 ___RD C:\Users\dhushan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-02 19:22 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-02 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-02 19:19 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-02 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-02 16:11 - 2013-10-02 16:10 - 00000000 ____D C:\Windows\system32\MRT
2013-10-02 16:05 - 2013-10-02 15:58 - 00012966 _____ C:\Windows\IE10_main.log
2013-10-02 16:02 - 2013-10-02 16:02 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-02 16:02 - 2013-10-02 16:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-02 16:02 - 2013-10-02 16:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-02 16:02 - 2013-10-02 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-02 16:02 - 2013-10-02 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-02 16:02 - 2013-10-02 16:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-02 16:02 - 2013-10-02 16:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-02 16:00 - 2013-10-02 16:00 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 16:00 - 2013-10-02 16:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-02 15:59 - 2013-10-02 15:59 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-02 15:50 - 2013-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-02 15:50 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-10-02 13:00 - 2013-10-02 13:00 - 00019845 _____ C:\ComboFix.txt
2013-10-02 13:00 - 2013-10-02 11:55 - 00000000 ____D C:\Qoobox
2013-10-02 13:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-02 12:59 - 2013-10-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-10-02 12:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 12:53 - 2013-01-29 17:31 - 00000000 ____D C:\Users\dhushan\Documents\Windows
2013-10-02 12:31 - 2012-06-13 10:24 - 00000740 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-10-02 12:29 - 2013-10-02 12:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-10-02 12:28 - 2013-10-02 12:28 - 18070536 _____ (Adobe Systems Inc.) C:\Users\dhushan\Downloads\AdobeAIRInstaller.exe
2013-10-02 12:28 - 2013-10-02 12:28 - 00000000 ____D C:\Users\dhushan\AppData\Local\Macromedia
2013-10-02 12:26 - 2013-02-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 12:26 - 2011-08-29 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 11:53 - 2013-10-02 11:53 - 05132885 ____R (Swearware) C:\Users\dhushan\Desktop\ComboFix.exe
2013-10-02 11:49 - 2013-02-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 11:45 - 2013-10-02 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 11:45 - 2013-02-03 14:54 - 00000000 ____D C:\Users\dhushan\AppData\Local\Mozilla
2013-10-02 11:26 - 2010-09-15 11:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-02 10:39 - 2013-10-02 10:39 - 00002145 _____ C:\Users\dhushan\Desktop\Gmer.txt
2013-10-02 10:31 - 2013-10-02 10:31 - 00377856 _____ C:\Users\dhushan\Desktop\9h2u4ps3.exe
2013-10-02 10:13 - 2013-10-02 10:13 - 00000000 ____D C:\FRST
2013-10-02 10:11 - 2013-10-02 10:11 - 00000476 _____ C:\Users\dhushan\Desktop\defogger_disable.log
2013-10-02 10:11 - 2013-10-02 10:11 - 00000000 _____ C:\Users\dhushan\defogger_reenable
2013-10-02 10:11 - 2010-02-14 14:24 - 00000000 ____D C:\Users\dhushan
2013-10-02 10:10 - 2013-10-02 10:10 - 00050477 _____ C:\Users\dhushan\Desktop\Defogger.exe
2013-10-02 09:30 - 2010-07-19 10:49 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-10-02 09:26 - 2013-10-02 09:26 - 98712514 _____ C:\Windows\SysWOW64\䫚躏轜S
2013-10-01 19:03 - 2010-11-05 17:46 - 00000000 ____D C:\Users\dhushan\Documents\UseNeXT
2013-10-01 18:37 - 2013-10-01 18:37 - 98609570 _____ C:\Windows\SysWOW64\ᕗ灍轜š
2013-09-30 11:56 - 2013-09-30 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 18:03 - 2013-09-29 18:03 - 98466785 _____ C:\Windows\SysWOW64\줵ᴰ轜š
2013-09-27 15:14 - 2013-09-27 15:14 - 98267320 _____ C:\Windows\SysWOW64\"韜轜™
2013-09-25 19:26 - 2013-09-25 19:26 - 97787360 _____ C:\Windows\SysWOW64\悎핼轜¢
2013-09-25 13:26 - 2013-09-25 13:26 - 97729025 _____ C:\Windows\SysWOW64\曤ĕ轜–
2013-09-24 14:05 - 2013-09-24 14:05 - 97531747 _____ C:\Windows\SysWOW64\஼䚗轜‹
2013-09-23 14:13 - 2013-09-23 14:13 - 98646441 _____ C:\Windows\SysWOW64\齖䬔轜N
2013-09-22 11:40 - 2013-09-22 11:40 - 98586517 _____ C:\Windows\SysWOW64\뗏ꤿ轜)
2013-09-20 14:01 - 2013-09-20 14:01 - 98474815 _____ C:\Windows\SysWOW64\᳕ߌ轜[
2013-09-19 14:25 - 2013-09-19 14:25 - 98378485 _____ C:\Windows\SysWOW64\膗⮚轜@
2013-09-18 13:16 - 2013-09-18 13:16 - 98123923 _____ C:\Windows\SysWOW64\陇珎轜˜
2013-09-16 18:22 - 2013-09-16 12:22 - 97787879 _____ C:\Windows\SysWOW64\⟟踠轜™
2013-09-14 17:43 - 2013-09-14 17:43 - 00000000 ____D C:\Program Files (x86)\Video Download Converter
2013-09-11 09:22 - 2013-09-11 09:22 - 97063418 _____ C:\Windows\SysWOW64\熫鴳轜S
2013-09-10 18:32 - 2013-09-10 18:32 - 96985259 _____ C:\Windows\SysWOW64\︕䕂轜C
2013-09-09 18:29 - 2013-09-09 18:29 - 96732368 _____ C:\Windows\SysWOW64\瀒霕轜‘
2013-09-07 17:28 - 2013-09-07 17:28 - 96511910 _____ C:\Windows\SysWOW64\⡨�轜I

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


Some content of TEMP:
====================
C:\Users\dhushan\AppData\Local\Temp\BackupSetup.exe
C:\Users\dhushan\AppData\Local\Temp\Quarantine.exe
C:\Users\dhushan\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-14 15:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:15 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132