Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Brief von Telekom Abuse Team wegen Verdachts auf Hacking

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 28.06.2013, 09:06   #1
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Hallo,

folgendes zur Situation. Bin Untermieter bei einem älteren Ehepaar und benutze auch den selben Internetanschluss. Die Vermieter haben den im Thema erwähnten Brief bekommen.

Dort stand, dass von dem Anschluss wohl Attacken auf andere Computer ausgeführt wurden ( "Hacking") und evtl auch Passwörter etc. ausgelesen wurden. Leider steht da nichts näheres zu Zeitpunkt etc drinnen.

Kommt mir relativ ungelegen da ich z.Z. sehr sehr viel Stress habe.

Von daher erst mal eine Frage: Könnte ich theoretisch einfach meinen Rechner platt machen und neu aufsetzen, um sicherzugehen , dass die Gefahr zumindest nicht von mir ausgeht und meine Daten etc sicher sind, falls was gefunden wird ? Stelle ich mir schneller vor als Stundenlange Workarounds

Ab und zu hatte ich aber leider eine externe Festplatte sowie das Handy dran, und weiß daher natürlich nicht ob der Virus da evtl übergesprungen ist. Auf der externen Platte befinden sich auch Sicherungen zum Studium, weswegen ich die auch später wieder anschließen müsste.

Aber jetzt zur Systemsituation.

Im WLAN hängen mein Laptop ( Win 7 ), ein MacMini , und die Vermieter haben wohl noch zwei älteren Laptops, die sie wohl auch manchmal benutzen. Besuch haben sie auch häufig von Verwandten, die alle möglichen Geräte mitbringen ( Laptops/Handy/Tablets ) und sich damit ins WLAN einloggen. Auch die letzten Wochen wohl. Über all diese Rechner habe ich auch wenig Handhabe und ehrlich gesagt auch zur Zeit nicht die Lust, geschweige überhaupt Zeit, mich darum zu kümmern. Deswegen hier erst mal alles zu meinem Laptop (win-7 64 bit)


Avast! hat mit der schnellen Systemprüfung was gefunden. Einen Virus namens, HTML:lframe-inf , und diesen in den Container verschoben.
Aufenthaltsort war C:\Users\lui\AppData\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\...
Außerdem konnte es einige Dateien nicht überprüfen ( selber Ordner ).

Eine anschließende komplette Überprüfung hat bis auf die Dateien, auf die Avast nicht zugreifen konnte, nichts mehr ergeben.

Leider finde ich bei Avast nirgends eine Option das Log zu kopieren um es hier einzufügen.


Malwarebytes


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
lui :: LUI-PC [Administrator]

Schutz: Aktiviert

27.06.2013 18:47:50
mbam-log-2013-06-27 (18-47-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 584468
Laufzeit: 2 Stunde(n), 1 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

OTL
Code:
ATTFilter
OTL logfile created on: 28.06.2013 00:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lui\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 116,20 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
 
Computer Name: LUI-PC | User Name: lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.27 19:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.11 14:12:03 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.03.12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.04.13 11:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.11 14:12:03 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 09:49:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 15:10:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.13 11:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.27 23:28:39 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.27 23:28:39 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.06.27 23:28:39 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 20 56 C0 C8 6C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.netvibes.com"
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.backup.ftp: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.16 19:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\Extensions
[2013.06.27 23:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions
[2013.01.15 18:44:19 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2013.05.07 21:30:33 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\foxyproxy@eric.h.jung
[2013.04.05 17:51:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\ich@maltegoetz.de
[2013.06.27 23:23:43 | 000,316,574 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.04.18 21:37:24 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\info@maltegoetz.de.xpi
[2013.06.16 19:20:45 | 000,375,787 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.06.20 19:22:45 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\mediahint@jetpack.xpi
[2013.06.23 07:53:32 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.30 21:27:39 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.05.08 20:39:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.26 09:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.26 09:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.01 13:55:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google-Suche = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D411ACB2-76F7-4E50-9EF4-D657431B8458}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.27 19:32:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
[2013.06.27 18:43:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\lui\Desktop\HiJackThis204.exe
[2013.06.27 18:42:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.26 09:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.19 10:08:37 | 000,000,000 | ---D | C] -- C:\Users\lui\Desktop\mathe2 13
[2013.06.06 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\lui\AppData\Local\My Games
[2013.06.04 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 00:32:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.28 00:11:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 23:29:46 | 000,007,603 | ---- | M] () -- C:\Users\lui\AppData\Local\Resmon.ResmonCfg
[2013.06.27 23:28:39 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.27 23:28:39 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.27 23:28:39 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.27 20:51:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.27 19:57:23 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 19:57:23 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 19:39:16 | 000,377,856 | ---- | M] () -- C:\Users\lui\Desktop\gmer_2.1.19163.exe
[2013.06.27 19:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
[2013.06.27 19:29:46 | 000,000,000 | ---- | M] () -- C:\Users\lui\defogger_reenable
[2013.06.27 19:16:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.27 18:44:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 18:43:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\lui\Desktop\HiJackThis204.exe
[2013.06.27 18:43:05 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 15:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 15:09:16 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.23 16:20:31 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.23 16:20:31 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.23 16:20:31 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.23 16:20:31 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.23 16:20:31 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 18:45:57 | 016,170,387 | ---- | M] () -- C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
[2013.06.20 22:00:47 | 002,569,381 | ---- | M] () -- C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
[2013.06.20 21:55:24 | 000,268,376 | ---- | M] () -- C:\Users\lui\Desktop\winmd5free.zip
[2013.06.20 21:40:18 | 160,111,702 | ---- | M] () -- C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
[2013.06.20 21:38:37 | 095,417,279 | ---- | M] () -- C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
[2013.06.18 15:42:47 | 033,033,759 | ---- | M] () -- C:\Users\lui\Desktop\German Education (SD).mp4
[2013.06.05 10:02:36 | 000,030,531 | ---- | M] () -- C:\Users\lui\Desktop\blatt20.pdf
[2013.06.04 23:49:00 | 000,230,613 | ---- | M] () -- C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
[2013.06.02 11:35:32 | 037,693,908 | ---- | M] () -- C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.27 23:28:40 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 19:39:11 | 000,377,856 | ---- | C] () -- C:\Users\lui\Desktop\gmer_2.1.19163.exe
[2013.06.27 19:29:46 | 000,000,000 | ---- | C] () -- C:\Users\lui\defogger_reenable
[2013.06.27 18:44:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 09:15:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 09:15:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.21 18:45:23 | 016,170,387 | ---- | C] () -- C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
[2013.06.20 22:00:45 | 002,569,381 | ---- | C] () -- C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
[2013.06.20 21:55:17 | 000,268,376 | ---- | C] () -- C:\Users\lui\Desktop\winmd5free.zip
[2013.06.20 21:33:36 | 095,417,279 | ---- | C] () -- C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
[2013.06.20 21:32:19 | 160,111,702 | ---- | C] () -- C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
[2013.06.18 15:41:42 | 033,033,759 | ---- | C] () -- C:\Users\lui\Desktop\German Education (SD).mp4
[2013.06.05 10:02:31 | 000,030,531 | ---- | C] () -- C:\Users\lui\Desktop\blatt20.pdf
[2013.06.04 23:50:03 | 000,230,613 | ---- | C] () -- C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
[2013.06.02 11:34:16 | 037,693,908 | ---- | C] () -- C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4
[2012.04.05 00:43:01 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 13:03:10 | 000,007,603 | ---- | C] () -- C:\Users\lui\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.18 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\.minecraft
[2013.04.08 14:34:24 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\.StarMade
[2013.04.28 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\AnvSoft
[2013.06.02 11:48:54 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Audacity
[2012.12.09 01:42:58 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EAC
[2013.03.04 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EveHQ
[2013.06.04 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EVEMon
[2013.02.13 22:22:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\FDRLab
[2012.09.21 12:11:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\HTC
[2012.09.21 12:13:04 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.04.28 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Imagine
[2012.02.07 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Indicium Technologies
[2012.03.03 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\IrfanView
[2013.04.11 18:48:30 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\LolClient
[2012.01.26 15:48:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Miranda
[2012.02.09 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\OpenOffice.org
[2012.12.03 05:43:15 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Origin
[2013.04.10 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\TS3Client
[2012.05.09 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\ts3overlay
[2013.05.23 00:36:54 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 28.06.2013 00:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lui\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 116,20 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
 
Computer Name: LUI-PC | User Name: lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067571AE-B73F-4E91-A617-624C7DD9CD56}" = rport=139 | protocol=6 | dir=out | app=system | 
"{19557127-C6E1-4050-900A-9C5AD243CB80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1AD2966D-39B9-4308-9983-56174DC9EF39}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F888D55-802E-4EFD-BD8E-687923074831}" = rport=137 | protocol=17 | dir=out | app=system | 
"{28E28A3E-471E-49BA-B837-9BCB479FCFFB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C3D7347-702F-4FDB-B0B6-7EC246F6D88B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3882FE75-4AA8-4CAC-979B-65D432306020}" = rport=138 | protocol=17 | dir=out | app=system | 
"{42BB55DC-27B3-43F4-A37D-DE83028B90E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44D97CBC-1865-45A9-8073-0A70F27057E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{45D530D9-5801-4F43-89F9-5C7E4CF3EF32}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5319C9EA-C69F-4FCD-A185-122B11769788}" = lport=58403 | protocol=17 | dir=in | name=pando media booster | 
"{53C0DB24-2252-42CE-98FF-8A1EBF378412}" = lport=58403 | protocol=17 | dir=in | name=pando media booster | 
"{5888C16E-314B-43F5-924E-3622944C609B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6BFF31A0-5F1D-4C6A-88AE-7106670C7A6D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6E7E79DE-8D3C-4903-B7C4-E846021392C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{72AEC516-0AB8-46CD-88FE-E96EE58FE180}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8ADAF6D4-3AAB-44A7-AC55-5ABB7F450FAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9415FFDE-A05B-482B-A151-A1E24E64CFB1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{96E81057-881B-4C3C-BA09-F5B58629A5BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3B83A7F-8D82-4578-9258-3C572E567B9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5274EBE-D9C0-4258-A851-98CEB6165DA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C67C6C9C-2CA4-49D6-BA98-3447C4D44EFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9F6029C-DC3A-4233-965B-391B47447786}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6829C65-A4B9-4C4C-B0D6-38E7BAC372AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D72A516C-CBDE-4517-B4A1-838B32821B8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2B2A201-5929-479C-BBF2-701F47AF7FC8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FCEB000D-DCEA-4820-9790-9A1EC18F01F6}" = lport=58403 | protocol=6 | dir=in | name=pando media booster | 
"{FEE8ED0F-AEEF-4BA4-AC7B-2274C9D1A5D8}" = lport=58403 | protocol=6 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591EC3F-CBF6-4F3D-B594-2E87A8963B64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0951295C-E7DD-423B-8D11-7D9E58C14717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1BC2536B-DAF1-46C7-9B20-B75DA19A4232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe | 
"{1C870241-C0AD-44B0-AF6F-508D5420A989}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{21A2BE19-DC70-4799-A403-FC82CD25E135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{2476F010-818D-44A1-BF73-C9713B2FD8BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{24C9608F-BEDF-4E85-B3E7-664AF0972555}" = protocol=6 | dir=out | app=system | 
"{24EE1A2C-308A-4677-BCF2-ADD01F5BC74A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A76F6C4-F99E-414B-A546-45599630E13C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{307F4E33-B3CB-43C3-85A4-6669DF85A5E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{31C93FB9-1C07-486F-BBF7-81B9677B16F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32AB04AA-D573-460B-8B46-07CBFC65F343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{33D2545A-E442-4453-BC44-D08D1A2A8233}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3A88AD73-615D-4AC8-99B7-5E537ED6B3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3CBC4F85-93D8-4E78-818A-AB3126B31520}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{47AB54F5-5194-4628-B794-68FFD667DA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe | 
"{4E1A8C51-21ED-4501-BBB0-CCAA8EDEFC72}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{50489535-7504-4BCB-BAAB-25EF4F4F412F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{51E6B994-AF08-481E-BCE2-DCD5FF92EA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{528A127B-6C21-47FB-B807-1B32B52528EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{54FBA04E-0AFB-4760-A7E0-53E3A1680241}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5C869545-DC4E-4340-949D-E52F5BC77DAD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{5C89FD2F-DD13-46D8-9425-BE0D1A96E76E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{5E973B3F-023A-4098-8AF9-0ABF1CBE6EA0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{659CAFC3-E70C-4916-AAF4-EF1B6A6AA595}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{66F2946B-E88D-4E5C-A607-23A4BDF86EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{6904A5AF-BF36-4265-9270-FEC1B0E28292}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe | 
"{69E2FE67-E9A7-433F-BA35-F698F3BF56B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A1EBF73-E863-467A-8CF5-DA501DB23858}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{74438AF5-F558-4383-8B64-CD77CA88732F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E72B6E2-F6FD-4D5B-AA8B-8F0B136E0E55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8454C1C3-72F6-439B-B04D-C41B528CB6CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E68F39F-E323-4224-9D89-8B6A9D3A601E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{9B987F12-5F70-4981-90EE-958D71384BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A4DF4870-F9B9-4C9E-983A-7C8BE675812E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A760DA8D-82D8-4656-AD5B-47E8383B4AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{ADDAB324-0A68-4FEB-8274-F5319AF8E67B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B772FC00-8588-41DE-88BE-89C07EBB34C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{BE78533F-ADA9-40B3-928E-25252589794F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe | 
"{C21638FC-158A-449B-B3E9-A8F830287D1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CDF2CF74-3512-483C-9692-4C3010961A6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D69912B8-26EB-4C9A-BB7B-24923A8E87D0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{D6C5B878-713C-43AE-8FA7-29781F526054}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DFA8FEB4-9D2B-4059-B812-FB1AD75E1AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{E2ACE61D-EE44-4CC2-9627-4039C42F0685}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E3547413-D807-495D-8533-E96D093287C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E952D60D-5864-439F-8402-9CB41B951D4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEF1AA87-BBBB-4525-A43F-0C0965191E28}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F077C1A7-042F-4E82-9937-AB37C27E42DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{F308E984-140C-4F23-BC32-8475C248D9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{F682F84C-01DF-4FF8-B3CA-6BEF83608F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F7B10B3E-4A2E-47BA-ABAB-BFE2536AF515}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FB3863EF-FCF5-4ACD-84F5-AD3210CB5990}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{FB9307F5-366C-4756-892F-EC910AD537B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{0E35F312-CD81-4CA4-A523-788537D88DE4}C:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{14E1DBF6-BFCD-406C-A7DC-28CF648F1019}C:\program files (x86)\ccp\eve - kopie\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve - kopie\bin\exefile.exe | 
"TCP Query User{506E5605-B1C0-4E41-A34F-71177C93CDC6}C:\program files (x86)\ccp\singularity\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\singularity\bin\exefile.exe | 
"TCP Query User{50C5EAB5-72E9-449D-9E75-4768EF367595}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe | 
"TCP Query User{5B0A90BB-7A9E-434F-81B5-88074010E6DA}C:\program files (x86)\fdrlab\anytv\anytv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fdrlab\anytv\anytv.exe | 
"TCP Query User{77645CDA-AFDB-4D58-952E-D229611A04AB}C:\games\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\eacoreserver.exe | 
"TCP Query User{9FA417B0-6774-4706-8D36-4586B8FC4D3C}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{A4867638-0814-46CA-9E85-9A18670E8E62}C:\program files (x86)\ccp\buckungham\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\buckungham\bin\exefile.exe | 
"TCP Query User{AD38140B-CBDE-4F73-BB19-823CB8B8ED2A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{BF9D7C9F-CD57-4099-9E28-BF2F3BD1F13D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{C36E46AB-2F69-41E0-9D60-5A56D7711AA7}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"TCP Query User{E4AB6C2D-55A1-4D9A-BEA1-6F56EB2FA527}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{EB3ED7CB-11B6-41D8-934C-FDB460215ABC}C:\program files (x86)\ccp\duality\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\duality\bin\exefile.exe | 
"UDP Query User{1A4CBB15-1E8A-485E-BEA0-7BA129C01188}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe | 
"UDP Query User{374F58F0-F5BA-4AC9-86F1-DF31677763D3}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{3AFF78E1-A79B-46AA-B4CE-9200E644747C}C:\program files (x86)\fdrlab\anytv\anytv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fdrlab\anytv\anytv.exe | 
"UDP Query User{7E7E8977-1339-411D-81A7-21B8929BD955}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A8A72941-2BA6-4A27-B53B-A8BFEE0D6520}C:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{BC79B44C-DB40-46F5-915D-FA15C929561C}C:\program files (x86)\ccp\buckungham\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\buckungham\bin\exefile.exe | 
"UDP Query User{BCDCAE7E-971D-468D-A674-1B359984A0C5}C:\program files (x86)\ccp\singularity\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\singularity\bin\exefile.exe | 
"UDP Query User{D2D58A1D-02EB-42A3-B0FB-D14EF7000217}C:\games\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\eacoreserver.exe | 
"UDP Query User{D713794A-A065-4175-AD0E-BBB6A9C7699C}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{E0EC86C6-90BE-43E0-A490-FA46C0355B62}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"UDP Query User{E1D08A0A-10C2-4A94-9A32-5646C1136631}C:\program files (x86)\ccp\eve - kopie\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve - kopie\bin\exefile.exe | 
"UDP Query User{EFC93121-A2A7-4C3B-8B99-BD482E132331}C:\program files (x86)\ccp\duality\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\duality\bin\exefile.exe | 
"UDP Query User{FB685353-5885-465C-A481-A5F938B19EAF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}" = HTC Sync
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{EDF6CEF3-8415-4868-8B1F-8D9E5FF8FC23}" = Microsoft Expression Design 4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Audio Converter_is1" = Any Audio Converter 4.0.1
"AnyTV Free_is1" = AnyTV Free 2.63
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"BOSS" = BOSS
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Design_8.0.31217.1" = Microsoft Expression Design 4
"EA Installer.1760404899" = EA Installer
"EA Installer.-2099549384" = EA Installer
"EVEMon" = EVEMon
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Maxima-5.25.1_is1" = Maxima 5.25.1
"Miranda IM" = Miranda IM 0.9.42
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"Neverwinter" = Neverwinter
"Origin" = Origin
"SpeedFan" = SpeedFan (remove only)
"Steam App 17410" = Mirror's Edge
"Steam App 202480" = Creation Kit
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"UltraISO_is1" = UltraISO Premium V9.53
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
"Imagine" = Imagine
"Network Addon Mod" = Network Addon Mod 31.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 07:30:25 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00032f02  ID des fehlerhaften
 Prozesses: 0x13fc  Startzeit der fehlerhaften Anwendung: 0x01ce521e0352a09c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 004edda8-be1c-11e2-8f0a-00197ef16f14
 
Error - 16.05.2013 07:30:36 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004ff4b  ID des fehlerhaften
 Prozesses: 0x13fc  Startzeit der fehlerhaften Anwendung: 0x01ce521e0352a09c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 06649277-be1c-11e2-8f0a-00197ef16f14
 
Error - 16.05.2013 10:16:36 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002aafac  ID des fehlerhaften
 Prozesses: 0xe88  Startzeit der fehlerhaften Anwendung: 0x01ce523fb9ff0526  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Berichtskennung:
 3728626a-be33-11e2-8f0a-00197ef16f14
 
Error - 16.05.2013 11:34:01 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00060bf0  ID des fehlerhaften
 Prozesses: 0x107c  Startzeit der fehlerhaften Anwendung: 0x01ce523fff529e04  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Berichtskennung:
 07f92bea-be3e-11e2-8f0a-00197ef16f14
 
Error - 25.05.2013 13:07:07 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x89c  Startzeit der fehlerhaften Anwendung: 0x01ce595c1a1fea30  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 8713a1ef-c55d-11e2-89f0-00197ef16f14
 
Error - 31.05.2013 07:13:42 | Computer Name = lui-PC | Source = Application Hang | ID = 1002
Description = Programm Morrowind.exe, Version 1.6.0.1820 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e1c    Startzeit: 
01ce5ded39332c51    Endzeit: 7    Anwendungspfad: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe

Berichts-ID:
   
 
Error - 31.05.2013 10:18:53 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033c5c  ID des fehlerhaften
 Prozesses: 0xc90  Startzeit der fehlerhaften Anwendung: 0x01ce5df74163e7e9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 050c1e02-c9fd-11e2-8fea-00197ef16f14
 
Error - 08.06.2013 13:00:00 | Computer Name = lui-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 10.06.2013 06:38:11 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x2454892c  ID des fehlerhaften
 Prozesses: 0xf1c  Startzeit der fehlerhaften Anwendung: 0x01ce65c6534a3c34  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d84d44d7-d1b9-11e2-8615-00197ef16f14
 
Error - 23.06.2013 07:48:17 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x72456542  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002aafc9  ID des fehlerhaften
 Prozesses: 0xadc  Startzeit der fehlerhaften Anwendung: 0x01ce70071a46b64a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe
Berichtskennung:
 cb083798-dbfa-11e2-9680-00197ef16f14
 
[ System Events ]
Error - 31.05.2013 04:06:15 | Computer Name = lui-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.05.2013 06:16:36 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?05.?2013 um 12:15:10 unerwartet heruntergefahren.
 
Error - 02.06.2013 03:54:29 | Computer Name = lui-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.06.2013 07:19:13 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2013 um 12:49:32 unerwartet heruntergefahren.
 
Error - 06.06.2013 09:23:34 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2013 um 15:21:37 unerwartet heruntergefahren.
 
Error - 07.06.2013 11:54:52 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?06.?2013 um 16:59:42 unerwartet heruntergefahren.
 
Error - 10.06.2013 02:46:03 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?06.?2013 um 00:06:03 unerwartet heruntergefahren.
 
Error - 25.06.2013 14:43:07 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?06.?2013 um 16:22:43 unerwartet heruntergefahren.
 
Error - 26.06.2013 06:45:54 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?06.?2013 um 12:02:42 unerwartet heruntergefahren.
 
Error - 27.06.2013 09:09:21 | Computer Name = lui-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?06.?2013 um 15:06:53 unerwartet heruntergefahren.
 
 
< End of report >
         


Ich hätte auch noch einen Log von Gmer, aber der Post wäre zu lang und Anhänge soll ich ja erst posten wenn vom Helfer gefordert. Steht aber wie gesagt auf Abruf bereit.

Schon mal Danke und freundliche Grüße
Penicillin

Alt 28.06.2013, 09:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 28.06.2013, 11:07   #3
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



hallo und vielen dank für die schnelle antwort

frst.txt


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by lui (administrator) on 28-06-2013 11:44:10
Running from C:\Users\lui\Desktop
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-11] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default
FF Homepage: www.netvibes.com
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "backup.ftp", "www-proxy.t-online.de"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "www-proxy.t-online.de"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "www-proxy.t-online.de"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\ich@maltegoetz.de
FF Extension: mediaplayerconnectivity - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
FF Extension: artur.dubovoy - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: info - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\info@maltegoetz.de.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: mediahint - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\mediahint@jetpack.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 uwldapow; \??\C:\Users\lui\AppData\Local\Temp\uwldapow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 11:43 - 2013-06-28 11:43 - 00000000 ____D C:\FRST
2013-06-28 10:44 - 2013-06-28 10:45 - 01933484 ____A (Farbar) C:\Users\lui\Desktop\FRST64.exe
2013-06-28 09:34 - 2013-06-28 09:34 - 00095899 ____A C:\Users\lui\Desktop\gmer.log
2013-06-28 01:05 - 2013-06-28 01:05 - 00072120 ____A C:\Users\lui\Desktop\Extras.Txt
2013-06-28 01:04 - 2013-06-28 01:04 - 00070508 ____A C:\Users\lui\Desktop\OTL.Txt
2013-06-27 23:28 - 2013-06-27 23:28 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 19:40 - 2013-06-28 00:42 - 00001585 ____A C:\Users\lui\Desktop\Neues Textdokument.txt
2013-06-27 19:39 - 2013-06-27 19:39 - 00377856 ____A C:\Users\lui\Desktop\gmer_2.1.19163.exe
2013-06-27 19:32 - 2013-06-27 19:32 - 00602112 ____A (OldTimer Tools) C:\Users\lui\Desktop\OTL.exe
2013-06-27 19:29 - 2013-06-27 19:29 - 00000468 ____A C:\Users\lui\Downloads\defogger_disable.log
2013-06-27 19:29 - 2013-06-27 19:29 - 00000000 ____A C:\Users\lui\defogger_reenable
2013-06-27 19:28 - 2013-06-27 19:28 - 00050477 ____A C:\Users\lui\Downloads\Defogger.exe
2013-06-27 18:49 - 2013-06-27 18:49 - 00007978 ____A C:\Users\lui\Desktop\hijackthis.log
2013-06-27 18:44 - 2013-06-27 18:44 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-27 18:43 - 2013-06-27 18:43 - 00388608 ____A (Trend Micro Inc.) C:\Users\lui\Desktop\HiJackThis204.exe
2013-06-27 18:42 - 2013-06-27 18:43 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-27 09:15 - 2013-06-27 23:28 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 09:15 - 2013-06-27 23:28 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 09:48 - 2013-06-26 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-21 18:45 - 2013-06-21 18:45 - 16170387 ____A C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
2013-06-20 22:00 - 2013-06-20 22:00 - 02569381 ____A C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
2013-06-20 21:55 - 2013-06-20 21:55 - 00268376 ____A C:\Users\lui\Desktop\winmd5free.zip
2013-06-20 21:33 - 2013-06-20 21:38 - 95417279 ____A C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
2013-06-20 21:32 - 2013-06-20 21:40 - 160111702 ____A C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
2013-06-20 09:26 - 2013-06-20 09:27 - 22368277 ____A C:\Users\lui\Downloads\18 year old innocent teen babe - Free Porn Videos - YouPorn.mp4
2013-06-20 09:26 - 2013-06-20 09:27 - 13443606 ____A C:\Users\lui\Downloads\Big tit stripper rides a cock - Free Porn Videos - YouPorn.mp4
2013-06-20 09:24 - 2013-06-20 09:25 - 07543835 ____A C:\Users\lui\Downloads\Cute brunette taking cock well - Free Porn Videos - YouPorn.mp4
2013-06-20 09:23 - 2013-06-20 09:24 - 22025094 ____A C:\Users\lui\Downloads\Busty amateur first porn video - Free Porn Videos - YouPorn.mp4
2013-06-20 09:21 - 2013-06-20 09:23 - 26390147 ____A C:\Users\lui\Downloads\18 year old cutie taking a dick - Free Porn Videos - YouPorn.mp4
2013-06-19 10:08 - 2013-06-19 10:57 - 00000000 ____D C:\Users\lui\Desktop\mathe2 13
2013-06-18 21:57 - 2013-06-18 22:03 - 136284185 ____A C:\Users\lui\Downloads\Meine KETTEN SAMMLUNG (HD).mp4
2013-06-18 21:57 - 2013-06-18 22:01 - 74763024 ____A C:\Users\lui\Downloads\INDIAN SUMMER Look   Make Up   Tutorial (HD).mp4
2013-06-18 15:41 - 2013-06-18 15:42 - 33033759 ____A C:\Users\lui\Desktop\German Education (SD).mp4
2013-06-16 20:08 - 2013-06-17 13:10 - 00000000 ____D C:\Users\lui\Downloads\catherine bell
2013-06-06 22:59 - 2013-06-06 22:59 - 00000000 ____D C:\Users\lui\AppData\Local\My Games
2013-06-04 23:50 - 2013-06-04 23:49 - 00230613 ____A C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
2013-06-02 15:26 - 2013-06-02 15:26 - 00000422 ____A C:\Users\lui\Desktop\almost daily.txt
2013-06-02 11:34 - 2013-06-02 11:35 - 37693908 ____A C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4

==================== One Month Modified Files and Folders =======

2013-06-28 11:44 - 2013-04-11 14:12 - 00000000 ____D C:\Users\lui\AppData\Local\PMB Files
2013-06-28 11:43 - 2013-06-28 11:43 - 00000000 ____D C:\FRST
2013-06-28 11:16 - 2012-10-10 20:28 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 11:10 - 2012-03-30 00:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 10:45 - 2013-06-28 10:44 - 01933484 ____A (Farbar) C:\Users\lui\Desktop\FRST64.exe
2013-06-28 09:34 - 2013-06-28 09:34 - 00095899 ____A C:\Users\lui\Desktop\gmer.log
2013-06-28 08:20 - 2012-10-10 20:28 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 08:20 - 2009-07-14 06:45 - 00013248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:20 - 2009-07-14 06:45 - 00013248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:17 - 2012-01-16 18:54 - 01508217 ____A C:\Windows\WindowsUpdate.log
2013-06-28 08:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 08:12 - 2009-07-14 06:51 - 00058930 ____A C:\Windows\setupact.log
2013-06-28 01:05 - 2013-06-28 01:05 - 00072120 ____A C:\Users\lui\Desktop\Extras.Txt
2013-06-28 01:04 - 2013-06-28 01:04 - 00070508 ____A C:\Users\lui\Desktop\OTL.Txt
2013-06-28 00:42 - 2013-06-27 19:40 - 00001585 ____A C:\Users\lui\Desktop\Neues Textdokument.txt
2013-06-27 23:29 - 2012-01-19 13:03 - 00007603 ____A C:\Users\lui\AppData\Local\Resmon.ResmonCfg
2013-06-27 23:28 - 2013-06-27 23:28 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 23:28 - 2013-06-27 09:15 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 23:28 - 2013-06-27 09:15 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 23:28 - 2013-03-01 19:11 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 23:28 - 2012-12-15 12:59 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 23:28 - 2012-12-15 12:59 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 20:51 - 2012-12-15 12:59 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-27 19:39 - 2013-06-27 19:39 - 00377856 ____A C:\Users\lui\Desktop\gmer_2.1.19163.exe
2013-06-27 19:32 - 2013-06-27 19:32 - 00602112 ____A (OldTimer Tools) C:\Users\lui\Desktop\OTL.exe
2013-06-27 19:31 - 2013-05-21 19:05 - 00000000 ____D C:\Users\lui\Downloads\[AP]_MONSTER_01-21_(Xvid,ger.sub)
2013-06-27 19:29 - 2013-06-27 19:29 - 00000468 ____A C:\Users\lui\Downloads\defogger_disable.log
2013-06-27 19:29 - 2013-06-27 19:29 - 00000000 ____A C:\Users\lui\defogger_reenable
2013-06-27 19:29 - 2012-01-16 19:00 - 00000000 ____D C:\users\lui
2013-06-27 19:28 - 2013-06-27 19:28 - 00050477 ____A C:\Users\lui\Downloads\Defogger.exe
2013-06-27 18:49 - 2013-06-27 18:49 - 00007978 ____A C:\Users\lui\Desktop\hijackthis.log
2013-06-27 18:44 - 2013-06-27 18:44 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-27 18:44 - 2012-12-31 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-27 18:43 - 2013-06-27 18:43 - 00388608 ____A (Trend Micro Inc.) C:\Users\lui\Desktop\HiJackThis204.exe
2013-06-27 18:43 - 2013-06-27 18:42 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-27 15:18 - 2012-01-16 19:36 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-26 12:45 - 2012-04-25 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 12:01 - 2012-01-19 23:23 - 00000000 ____D C:\Users\lui\AppData\Roaming\vlc
2013-06-26 11:50 - 2013-06-26 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 10:07 - 2013-05-21 16:08 - 00000000 ____D C:\Output
2013-06-23 16:20 - 2009-07-14 19:58 - 00697082 ____A C:\Windows\System32\perfh007.dat
2013-06-23 16:20 - 2009-07-14 19:58 - 00148346 ____A C:\Windows\System32\perfc007.dat
2013-06-23 16:20 - 2009-07-14 07:13 - 01613340 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-21 18:45 - 2013-06-21 18:45 - 16170387 ____A C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
2013-06-21 10:57 - 2012-11-17 20:14 - 00000000 ____D C:\Android
2013-06-20 22:00 - 2013-06-20 22:00 - 02569381 ____A C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
2013-06-20 21:55 - 2013-06-20 21:55 - 00268376 ____A C:\Users\lui\Desktop\winmd5free.zip
2013-06-20 21:40 - 2013-06-20 21:32 - 160111702 ____A C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
2013-06-20 21:38 - 2013-06-20 21:33 - 95417279 ____A C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
2013-06-20 09:27 - 2013-06-20 09:26 - 22368277 ____A C:\Users\lui\Downloads\18 year old innocent teen babe - Free Porn Videos - YouPorn.mp4
2013-06-20 09:27 - 2013-06-20 09:26 - 13443606 ____A C:\Users\lui\Downloads\Big tit stripper rides a cock - Free Porn Videos - YouPorn.mp4
2013-06-20 09:25 - 2013-06-20 09:24 - 07543835 ____A C:\Users\lui\Downloads\Cute brunette taking cock well - Free Porn Videos - YouPorn.mp4
2013-06-20 09:24 - 2013-06-20 09:23 - 22025094 ____A C:\Users\lui\Downloads\Busty amateur first porn video - Free Porn Videos - YouPorn.mp4
2013-06-20 09:23 - 2013-06-20 09:21 - 26390147 ____A C:\Users\lui\Downloads\18 year old cutie taking a dick - Free Porn Videos - YouPorn.mp4
2013-06-19 10:57 - 2013-06-19 10:08 - 00000000 ____D C:\Users\lui\Desktop\mathe2 13
2013-06-18 22:03 - 2013-06-18 21:57 - 136284185 ____A C:\Users\lui\Downloads\Meine KETTEN SAMMLUNG (HD).mp4
2013-06-18 22:01 - 2013-06-18 21:57 - 74763024 ____A C:\Users\lui\Downloads\INDIAN SUMMER Look   Make Up   Tutorial (HD).mp4
2013-06-18 15:42 - 2013-06-18 15:41 - 33033759 ____A C:\Users\lui\Desktop\German Education (SD).mp4
2013-06-17 13:10 - 2013-06-16 20:08 - 00000000 ____D C:\Users\lui\Downloads\catherine bell
2013-06-12 15:10 - 2012-03-30 00:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:10 - 2012-01-16 20:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 12:43 - 2012-12-02 16:22 - 00000000 ____D C:\Fraps
2013-06-06 22:59 - 2013-06-06 22:59 - 00000000 ____D C:\Users\lui\AppData\Local\My Games
2013-06-06 22:59 - 2012-01-16 20:04 - 00000000 ____D C:\Users\lui\Documents\My Games
2013-06-06 22:58 - 2012-01-16 20:07 - 00483334 ____A C:\Windows\DirectX.log
2013-06-04 23:49 - 2013-06-04 23:50 - 00230613 ____A C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
2013-06-04 23:49 - 2012-04-05 00:47 - 00000000 ____D C:\Users\lui\AppData\Roaming\EVEMon
2013-06-04 23:49 - 2012-04-05 00:43 - 00000000 ____D C:\Program Files (x86)\EVEMon
2013-06-02 15:26 - 2013-06-02 15:26 - 00000422 ____A C:\Users\lui\Desktop\almost daily.txt
2013-06-02 11:48 - 2013-05-21 16:14 - 00000000 ____D C:\Users\lui\AppData\Roaming\Audacity
2013-06-02 11:35 - 2013-06-02 11:34 - 37693908 ____A C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4
2013-05-31 17:19 - 2012-10-12 23:06 - 00000000 ____D C:\Users\lui\Downloads\Neuer Ordner
2013-05-29 07:37 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 15:50

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by lui at 2013-06-28 11:45:21
Running from C:\Users\lui\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.2.2.28595)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6)
Any Audio Converter 4.0.1 (x32)
AnyTV Free 2.63 (x32)
ARMA 2 Operation Arrowhead Uninstall (x32)
Audacity 2.0.3 (x32 Version: 2.0.3)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
BMW M3 Challenge (x32 Version: BMW M3 Challenge v1.0.0.0)
BOSS (x32 Version: 2.1.1)
Creation Kit (x32)
Deus Ex: Human Revolution (x32)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
EveHQ (x32 Version: 2.11.6)
EVEMon (x32 Version: 1.8.2.4081)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
Fraps (x32)
GeoGebra 4 (HKCU)
Google Chrome (x32 Version: 28.0.1500.63)
Google Update Helper (x32 Version: 1.3.21.145)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.023)
HTC Sync (x32 Version: 3.3.10)
Imagine (HKCU Version: 1.0.9)
IrfanView (remove only) (x32 Version: 4.32)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
LAME v3.99.3 (for Windows) (x32)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect™ 3 (x32 Version: 1.05.0.0)
Maxima 5.25.1 (x32 Version: 5.25.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Expression Design 4 (x32 Version: 8.0.31217.1)
Microsoft SQL Server Compact 4.0 x64 DEU (Version: 4.0.8482.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Miranda IM 0.9.42 (x32)
Mirror's Edge (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MP4 To MP3 Converter V3.0 (x32)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network Addon Mod 31.1 (HKCU Version: 31.1)
Neverwinter (x32)
Nexus Mod Manager (Version: 0.44.11)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.1.3.2636)
Pando Media Booster (x32 Version: 2.6.0.9)
SimCity 4 Deluxe (x32)
SpeedFan (remove only) (x32)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client
TechPowerUp GPU-Z (x32)
The Elder Scrolls III: Morrowind (x32)
The Elder Scrolls V: Skyrim (x32)
UltraISO Premium V9.53 (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)

==================== Restore Points  =========================

14-06-2013 06:44:07 Geplanter Prüfpunkt
21-06-2013 11:17:59 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {3A1F8C0E-F9C2-4920-981F-20BE02C68F79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {4B31DE41-3DDE-4955-9B8C-037202EC1F5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-14] (Microsoft Corporation)
Task: {78447FF2-84BD-4603-B4B5-332D1EE30D82} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-09-25] ()
Task: {7F282111-9990-4C11-AAA0-2972EC1473FE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {A8A209FC-D059-440C-AD8D-69ECF4F73660} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {E421DDAC-1F05-41E8-B765-43A023A4117E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F5E617BC-ACB8-495C-85B2-8ABC2667B5EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2013 01:48:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002aafc9
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (06/10/2013 00:38:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x2454892c
ID des fehlerhaften Prozesses: 0xf1c
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (06/08/2013 07:00:00 PM) (Source: BugSplat) (User: )
Description: Pando_WinPando-1

Error: (05/31/2013 04:18:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00033c5c
ID des fehlerhaften Prozesses: 0xc90
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (05/31/2013 01:13:42 PM) (Source: Application Hang) (User: )
Description: Programm Morrowind.exe, Version 1.6.0.1820 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e1c

Startzeit: 01ce5ded39332c51

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe

Berichts-ID:

Error: (05/25/2013 07:07:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (05/16/2013 05:34:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00060bf0
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (05/16/2013 04:16:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002aafac
ID des fehlerhaften Prozesses: 0xe88
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (05/16/2013 01:30:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004ff4b
ID des fehlerhaften Prozesses: 0x13fc
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3

Error: (05/16/2013 01:30:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00032f02
ID des fehlerhaften Prozesses: 0x13fc
Startzeit der fehlerhaften Anwendung: 0xMorrowind.exe0
Pfad der fehlerhaften Anwendung: Morrowind.exe1
Pfad des fehlerhaften Moduls: Morrowind.exe2
Berichtskennung: Morrowind.exe3


System errors:
=============
Error: (06/28/2013 11:31:03 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume4" den Befehl "chkdsk" aus.

Error: (06/27/2013 03:09:21 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?27.?06.?2013 um 15:06:53 unerwartet heruntergefahren.

Error: (06/26/2013 00:45:54 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?26.?06.?2013 um 12:02:42 unerwartet heruntergefahren.

Error: (06/25/2013 08:43:07 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?25.?06.?2013 um 16:22:43 unerwartet heruntergefahren.

Error: (06/10/2013 08:46:03 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?10.?06.?2013 um 00:06:03 unerwartet heruntergefahren.

Error: (06/07/2013 05:54:52 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?07.?06.?2013 um 16:59:42 unerwartet heruntergefahren.

Error: (06/06/2013 03:23:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?06.?06.?2013 um 15:21:37 unerwartet heruntergefahren.

Error: (06/03/2013 01:19:13 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?03.?06.?2013 um 12:49:32 unerwartet heruntergefahren.

Error: (06/02/2013 09:54:29 AM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (05/31/2013 00:16:36 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?31.?05.?2013 um 12:15:10 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (06/23/2013 01:48:17 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542Morrowind.exe1.6.0.182072456542c0000005002aafc9adc01ce70071a46b64aC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.execb083798-dbfa-11e2-9680-00197ef16f14

Error: (06/10/2013 00:38:11 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542unknown0.0.0.000000000c00000052454892cf1c01ce65c6534a3c34C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeunknownd84d44d7-d1b9-11e2-8615-00197ef16f14

Error: (06/08/2013 07:00:00 PM) (Source: BugSplat)(User: )
Description: Pando_WinPando-1

Error: (05/31/2013 04:18:53 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542ntdll.dll6.1.7600.169154ec49d10c000000500033c5cc9001ce5df74163e7e9C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Windows\SysWOW64\ntdll.dll050c1e02-c9fd-11e2-8fea-00197ef16f14

Error: (05/31/2013 01:13:42 PM) (Source: Application Hang)(User: )
Description: Morrowind.exe1.6.0.1820e1c01ce5ded39332c517C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe

Error: (05/25/2013 07:07:07 PM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978989c01ce595c1a1fea30C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll8713a1ef-c55d-11e2-89f0-00197ef16f14

Error: (05/16/2013 05:34:01 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542Morrowind.exe1.6.0.182072456542c000000500060bf0107c01ce523fff529e04C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe07f92bea-be3e-11e2-8f0a-00197ef16f14

Error: (05/16/2013 04:16:36 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542Morrowind.exe1.6.0.182072456542c0000005002aaface8801ce523fb9ff0526C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe3728626a-be33-11e2-8f0a-00197ef16f14

Error: (05/16/2013 01:30:36 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542ntdll.dll6.1.7600.169154ec49d10c00000050004ff4b13fc01ce521e0352a09cC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Windows\SysWOW64\ntdll.dll06649277-be1c-11e2-8f0a-00197ef16f14

Error: (05/16/2013 01:30:25 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.182072456542ntdll.dll6.1.7600.169154ec49d10c000000500032f0213fc01ce521e0352a09cC:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exeC:\Windows\SysWOW64\ntdll.dll004edda8-be1c-11e2-8f0a-00197ef16f14


CodeIntegrity Errors:
===================================
  Date: 2013-01-15 18:29:54.853
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\lui\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-15 18:29:54.821
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\lui\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-15 18:29:54.166
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-15 18:29:54.119
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 2046.43 MB
Available physical RAM: 607.6 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2276.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:116.07 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000DAA42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 28.06.2013, 17:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.06.2013, 20:16   #5
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Code:
ATTFilter
ComboFix 13-06-28.01 - lui 28.06.2013  20:01:47.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2046.1178 [GMT 2:00]
ausgeführt von:: c:\users\lui\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\lui\AppData\Roaming\Identities\amara\Neuer Ordner (2)\efi\boot\bootx64.efi
c:\users\lui\AppData\Roaming\Identities\amara\Neuer Ordner (2)\wubi.exe
c:\users\lui\AppData\Roaming\Identities\amara\setup.exe
c:\users\lui\AppData\Roaming\Identities\Neuer Ordner\miranda-im-v0.9.43-unicode.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-28  ))))))))))))))))))))))))))))))
.
.
2013-06-28 18:14 . 2013-06-28 18:14	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-28 18:14 . 2013-06-28 18:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-28 09:43 . 2013-06-28 09:43	--------	d-----w-	C:\FRST
2013-06-06 20:59 . 2013-06-06 20:59	--------	d-----w-	c:\users\lui\AppData\Local\My Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 21:28 . 2013-03-01 17:11	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:28 . 2012-12-15 10:59	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:28 . 2012-12-15 10:59	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-12 13:10 . 2012-03-29 22:41	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 13:10 . 2012-01-16 18:01	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-01 17:11	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-12-15 10:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-12-15 10:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-12-15 10:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-12-15 10:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-12-15 10:58	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-12-15 10:59	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-04-04 12:50 . 2012-12-31 15:51	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-04 03:35 . 2013-05-22 19:08	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-11 4288048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-27 22:17	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:10]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 18:28]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 18:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\
FF - prefs.js: browser.startup.homepage - www.netvibes.com
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-28 21:17; foxyproxy@eric.h.jung; c:\users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2013-06-03 14:03; jid1-QpHD8URtZWJC2A@jetpack; c:\users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1758410552-1741059045-3522886761-1001\Software\SecuROM\License information*]
"datasecu"=hex:01,e3,98,69,97,67,04,21,f9,fd,7a,62,e0,86,f8,3a,f3,21,8a,45,52,
   44,b5,80,8a,2e,a8,3b,37,05,5d,80,6b,22,f7,e8,b5,67,43,52,ba,79,42,4a,ac,7a,\
"rkeysecu"=hex:89,19,a0,95,8b,d6,5e,bf,20,22,9e,cf,ba,31,16,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-28  20:18:28
ComboFix-quarantined-files.txt  2013-06-28 18:18
.
Vor Suchlauf: 20 Verzeichnis(se), 125.880.217.600 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 131.651.088.384 Bytes frei
.
- - End Of File - - 76B9C22CB4BDCB96BCCD6A08D38D4738
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 29.06.2013, 08:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?
__________________
--> Brief von Telekom Abuse Team wegen Verdachts auf Hacking

Alt 29.06.2013, 10:03   #7
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Erst nochmal danke für die Hilfe. Ab ESET kann ich erst am Montag weiter machen, da ich zZ unterwegs bin und die externe Platte und USB Sticks nicht dabei habe.

Interssant wäre mal, ob dir bisher etwas verdächtiges aufgefallen ist, und du denkst, dass der Brief an meinem Rechner gelegen haben könnte.

Der ADWCleaner hat mir wohl die Windows Aktivierung zerschossen, ist das normal ?


Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 29/06/2013 um 10:44:01 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : lui - LUI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\lui\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16912

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\prefs.js

Gelöscht : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "c:\\Program Files (x86)\\VideoLAN\\[...]

-\\ Google Chrome v28.0.1500.63

Datei : C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1715 octets] - [29/06/2013 10:44:01]

########## EOF - C:\AdwCleaner[S1].txt - [1775 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by lui on 29.06.2013 at 10:48:18,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi" 
Emptied folder: C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\minidumps [815 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2013 at 10:54:42,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 29.06.2013, 11:40   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Nö, normal ist das nicht. Sicher?

Mach mal den Rest, ich schau mir das dann an. Rechner ist definitiv verseucht. Gibt es noch andere Rechner im Netzwerk?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.06.2013, 13:07   #9
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Es hat sich nach dem Neustart von ADWCleaner eben Windows vorm eigentlichen Desktop mit einem großen Fenster bezüglich Aktivierung und Original Software gemeldet.

Die Win-Version stammt vom Partnerprogramm der Uni mit Microsoft ( prod.mania.tum.de ).

OK, verseucht,blöd ? Trojaner oder was ist drauf ? Ist das mit der Bereinigung zeitaufwendig und sicher oder wäre es einfacher Windows einfach neu aufzuspielen ?

Im Netzwerk sind wie gesagt noch ein MacMini und öfter verschiedene Rechner angemeldet.

Zitat:
Im WLAN hängen mein Laptop ( Win 7 ), ein MacMini , und die Vermieter haben wohl noch zwei älteren Laptops, die sie wohl auch manchmal benutzen. Besuch haben sie auch häufig von Verwandten, die alle möglichen Geräte mitbringen ( Laptops/Handy/Tablets ) und sich damit ins WLAN einloggen. Auch die letzten Wochen wohl. Über all diese Rechner habe ich auch wenig Handhabe und ehrlich gesagt auch zur Zeit nicht die Lust, geschweige überhaupt Zeit, mich darum zu kümmern.
Kann die Verseuchung auf andere Rechner übergreifen ? Habe den rechner mit bei meinem Eltern und war dort im Netz. Allerdings nie gleichzeitig mit anderen Rechnern.

Den Rest mache ich dann wie gesagt Montags, außer du sagst ein platt machen des Rechners wäre einfacher. Dann setz ich ihn einfach neu auf.

Alt 29.06.2013, 14:36   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Platt machen is immer schneller, ne Stunde biste durch, wir sind aber nach dem Onlinescan und einem Kontrollscan mit FRST auch durch, also Deine Entscheidung. Adware und KRam ist drauf, nix was sich übers Netzwerk ausbreitet.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.06.2013, 16:03   #11
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Ok super. Ja dann werd ich die scans machen und mach ihn nicht platt. Der Virus, der von Avast gefunden wurde braucht also keine weitere Behandlung ? Passwörter brauch ich auch nicht alle ändern, wenns nur Adware und Krams war oder ?

Und an meinem Rechner kann der Brief nicht gelegen haben ? Denn dann muss ich auch den Vermietern bescheid sagen, dass die sich mal um ihr Zeugs kümmern. Irgend einer der Rechner im Netzwerk muss ja befallen sein.

Da ich gerade bei meinen Eltern bin würde es mir gelegen kommen, deren Rechner auch mal anschauen zu lassen. Kann ich da einen neuen Thread aufmachen oder soll ich warten bis wir mit meinem Rechner durch sind ?

Alt 29.06.2013, 19:11   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Wir machen deinen fertig, dann machen wir hier direkt mit dem nächsten weiter
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.07.2013, 16:36   #13
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



So sry, war etwas arg im Stress, deswegen hats etwas länger gedauert.

Von der Telekom kam auf Nachfrage noch das per Email:

Zitat:
Den Beschwerden zufolge befindet sich in Ihrem LAN mindestens ein mit
der Schadsoftware 'pushdo' (alias 'Cutwail') verseuchter Rechner.
Außerdem ist davon auszugehen, dass ein "verseuchter" Rechner nicht nur
eine Schadsoftware beherbergt, sondern unter multiplen Infektionen
leidet.
Und hier die Logs:

Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=21163a2ed9cc8442b997be13e5dd8588
# engine=14376
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-13 10:18:03
# local_time=2013-07-13 12:18:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 162341 150420555 0 0
# compatibility_mode=5893 16776573 100 94 28389 125340533 0 0
# scanned=71755
# found=0
# cleaned=0
# scan_time=3210
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=21163a2ed9cc8442b997be13e5dd8588
# engine=14376
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-13 01:03:16
# local_time=2013-07-13 03:03:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 172254 150430468 0 0
# compatibility_mode=5893 16776573 100 94 38302 125350446 0 0
# scanned=316614
# found=0
# cleaned=0
# scan_time=5513
         

Security Check


Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Das FRST File is zu lang und passt nicht rein. Ist es OK wenn ich das als Anahang reinstelle ?

Alt 13.07.2013, 19:02   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Adobe Reader updaten.

Das Log bitte in zwei Hälften teilen und in Codetags posten, ist einfach für mich, danke
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.07.2013, 19:41   #15
Penicillin
 
Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Standard

Brief von Telekom Abuse Team wegen Verdachts auf Hacking



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by lui (administrator) on 13-07-2013 17:19:52
Running from C:\Users\lui\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-11] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default
FF Homepage: www.netvibes.com
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "backup.ftp", "www-proxy.t-online.de"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "www-proxy.t-online.de"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "www-proxy.t-online.de"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: FoxyProxy Basic - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\ich@maltegoetz.de
FF Extension: mediaplayerconnectivity - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
FF Extension: artur.dubovoy - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: info - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\info@maltegoetz.de.xpi
FF Extension: mediahint - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\mediahint@jetpack.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF Extension: No Name - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\trxgfzh0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 17:19 - 2013-07-13 17:19 - 01777829 _____ (Farbar) C:\Users\lui\Desktop\FRST64.exe
2013-07-13 15:11 - 2013-07-13 15:12 - 00890988 _____ C:\Users\lui\Desktop\SecurityCheck.exe
2013-07-13 11:18 - 2013-07-13 11:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-09 08:37 - 2013-07-09 08:37 - 17824768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 12329984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-09 08:37 - 2013-07-09 08:37 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-09 08:37 - 2013-07-09 08:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 08:37 - 2013-07-09 08:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 08:37 - 2013-07-09 08:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-09 08:37 - 2013-07-09 08:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-09 08:37 - 2013-07-09 08:37 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-09 08:37 - 2013-07-09 08:37 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-09 08:37 - 2013-07-09 08:37 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-09 08:37 - 2013-07-09 08:37 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-09 08:37 - 2013-07-09 08:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-09 08:37 - 2013-07-09 08:37 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-09 08:37 - 2013-07-09 08:37 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-09 08:33 - 2013-07-09 08:39 - 00003923 _____ C:\Windows\IE9_main.log
2013-07-09 08:09 - 2013-07-09 08:09 - 00000000 ____D C:\Windows\system32\SPReview
2013-07-09 08:08 - 2013-07-09 08:08 - 00000000 ____D C:\Windows\system32\EventProviders
2013-07-09 07:57 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-09 07:57 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-09 07:57 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-09 07:57 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-09 07:44 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-07-09 07:44 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-07-09 07:44 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-07-09 07:44 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-07-09 07:44 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-07-09 07:43 - 2013-07-09 07:43 - 00263238 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-09 07:33 - 2010-11-05 03:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-07-09 07:33 - 2010-11-05 03:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-07-09 07:32 - 2010-11-20 15:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2013-07-09 07:32 - 2010-11-20 15:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-07-09 07:32 - 2010-11-20 15:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-07-09 07:32 - 2010-11-20 15:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-07-09 07:32 - 2010-11-20 15:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 02314752 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 07:32 - 2010-11-20 15:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01219584 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2013-07-09 07:32 - 2010-11-20 15:27 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-07-09 07:32 - 2010-11-20 15:26 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-07-09 07:32 - 2010-11-20 15:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2013-07-09 07:32 - 2010-11-20 15:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2013-07-09 07:32 - 2010-11-20 15:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2013-07-09 07:32 - 2010-11-20 15:25 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-09 07:32 - 2010-11-20 15:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2013-07-09 07:32 - 2010-11-20 15:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2013-07-09 07:32 - 2010-11-20 15:25 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2013-07-09 07:32 - 2010-11-20 15:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2013-07-09 07:32 - 2010-11-20 15:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-09 07:32 - 2010-11-20 14:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2013-07-09 07:32 - 2010-11-20 14:21 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-07-09 07:32 - 2010-11-20 14:21 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-07-09 07:32 - 2010-11-20 14:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2013-07-09 07:32 - 2010-11-20 14:21 - 00870912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-09 07:32 - 2010-11-20 14:21 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2013-07-09 07:32 - 2010-11-20 14:20 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2013-07-09 07:32 - 2010-11-20 14:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2013-07-09 07:32 - 2010-11-20 14:19 - 01698816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-07-09 07:32 - 2010-11-20 14:19 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-07-09 07:32 - 2010-11-20 14:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2013-07-09 07:32 - 2010-11-20 14:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2013-07-09 07:32 - 2010-11-20 14:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2013-07-09 07:32 - 2010-11-20 14:18 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-09 07:32 - 2010-11-20 14:18 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-09 07:32 - 2010-11-20 14:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2013-07-09 07:32 - 2010-11-20 14:17 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2013-07-09 07:32 - 2010-11-20 14:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2013-07-09 07:32 - 2010-11-20 13:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-07-09 07:32 - 2010-11-20 13:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2013-07-09 07:32 - 2010-11-05 04:20 - 00347904 _____ C:\Windows\system32\systemsf.ebd
2013-07-09 07:32 - 2010-11-05 03:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-07-09 07:32 - 2010-11-05 03:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-07-09 07:32 - 2010-11-05 03:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-07-09 07:32 - 2010-11-05 03:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-07-09 07:32 - 2010-11-05 03:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-07-09 07:32 - 2010-11-05 03:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-07-09 07:32 - 2010-11-05 03:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-07-09 07:32 - 2009-07-14 03:16 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pmcsnap.dll
2013-07-09 07:32 - 2009-07-14 03:16 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ppcsnap.dll
2013-07-09 07:31 - 2010-11-20 15:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-09 07:31 - 2010-11-20 15:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-07-09 07:31 - 2010-11-20 15:33 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-07-09 07:31 - 2010-11-20 15:32 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-07-09 07:31 - 2010-11-20 15:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00800256 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2013-07-09 07:31 - 2010-11-20 15:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00326144 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2013-07-09 07:31 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2013-07-09 07:31 - 2010-11-20 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-07-09 07:31 - 2010-11-20 15:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2013-07-09 07:31 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-07-09 07:31 - 2010-11-20 15:25 - 00692224 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2013-07-09 07:31 - 2010-11-20 15:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2013-07-09 07:31 - 2010-11-20 15:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2013-07-09 07:31 - 2010-11-20 15:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2013-07-09 07:31 - 2010-11-20 15:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2013-07-09 07:31 - 2010-11-20 15:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2013-07-09 07:31 - 2010-11-20 15:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2013-07-09 07:31 - 2010-11-20 15:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2013-07-09 07:31 - 2010-11-20 14:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 07:31 - 2010-11-20 14:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 01010688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2013-07-09 07:31 - 2010-11-20 14:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2013-07-09 07:31 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-07-09 07:31 - 2010-11-20 14:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2013-07-09 07:31 - 2010-11-20 14:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2013-07-09 07:31 - 2010-11-20 14:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2013-07-09 07:31 - 2010-11-20 14:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2013-07-09 07:31 - 2010-11-20 14:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-09 07:31 - 2010-11-20 14:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2013-07-09 07:31 - 2010-11-20 14:17 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-09 07:31 - 2010-11-20 14:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-09 07:31 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2013-07-09 07:31 - 2010-11-20 14:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2013-07-09 07:31 - 2010-11-20 12:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2013-07-09 07:31 - 2010-11-20 11:27 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2013-07-09 07:31 - 2010-11-20 11:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-07-09 07:31 - 2010-11-20 11:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-07-09 07:31 - 2010-11-20 11:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2013-07-09 07:31 - 2010-11-20 11:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2013-07-09 07:31 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\SysWOW64\locale.nls
2013-07-09 07:31 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\system32\locale.nls
2013-07-09 07:31 - 2010-11-05 03:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-07-09 07:31 - 2009-07-14 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2013-07-09 07:30 - 2010-11-20 15:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2013-07-09 07:30 - 2010-11-20 15:34 - 00199552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2013-07-09 07:30 - 2010-11-20 15:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2013-07-09 07:30 - 2010-11-20 15:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2013-07-09 07:30 - 2010-11-20 15:33 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-07-09 07:30 - 2010-11-20 15:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2013-07-09 07:30 - 2010-11-20 15:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-07-09 07:30 - 2010-11-20 15:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-09 07:30 - 2010-11-20 15:32 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-07-09 07:30 - 2010-11-20 15:28 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-07-09 07:30 - 2010-11-20 15:28 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2013-07-09 07:30 - 2010-11-20 15:28 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-09 07:30 - 2010-11-20 15:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2013-07-09 07:30 - 2010-11-20 15:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2013-07-09 07:30 - 2010-11-20 15:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2013-07-09 07:30 - 2010-11-20 15:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-07-09 07:30 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 02746880 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2013-07-09 07:30 - 2010-11-20 15:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2013-07-09 07:30 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-07-09 07:30 - 2010-11-20 15:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-09 07:30 - 2010-11-20 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2013-07-09 07:30 - 2010-11-20 15:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2013-07-09 07:30 - 2010-11-20 15:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2013-07-09 07:30 - 2010-11-20 15:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-09 07:30 - 2010-11-20 15:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2013-07-09 07:30 - 2010-11-20 15:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2013-07-09 07:30 - 2010-11-20 15:24 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2013-07-09 07:30 - 2010-11-20 15:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-07-09 07:30 - 2010-11-20 15:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2013-07-09 07:30 - 2010-11-20 14:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-09 07:30 - 2010-11-20 14:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-07-09 07:30 - 2010-11-20 14:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2013-07-09 07:30 - 2010-11-20 14:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2013-07-09 07:30 - 2010-11-20 14:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-07-09 07:30 - 2010-11-20 14:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 02341376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2013-07-09 07:30 - 2010-11-20 14:19 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2013-07-09 07:30 - 2010-11-20 14:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2013-07-09 07:30 - 2010-11-20 14:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2013-07-09 07:30 - 2010-11-20 14:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-07-09 07:30 - 2010-11-20 14:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2013-07-09 07:30 - 2010-11-20 14:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-07-09 07:30 - 2010-11-20 14:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2013-07-09 07:30 - 2010-11-20 14:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2013-07-09 07:30 - 2010-11-20 14:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2013-07-09 07:30 - 2010-11-20 14:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2013-07-09 07:30 - 2010-11-20 14:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2013-07-09 07:30 - 2010-11-20 14:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-07-09 07:30 - 2010-11-20 14:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2013-07-09 07:30 - 2010-11-20 14:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2013-07-09 07:30 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-07-09 07:30 - 2010-11-20 14:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-07-09 07:30 - 2010-11-20 13:04 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-07-09 07:30 - 2010-11-20 12:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2013-07-09 07:30 - 2010-11-20 12:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2013-07-09 07:30 - 2010-11-20 12:52 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2013-07-09 07:30 - 2010-11-20 12:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-07-09 07:30 - 2010-11-20 12:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2013-07-09 07:30 - 2010-11-20 12:44 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-07-09 07:30 - 2010-11-20 12:44 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-07-09 07:30 - 2010-11-20 12:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-07-09 07:30 - 2010-11-20 12:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-07-09 07:30 - 2010-11-20 11:58 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2013-07-09 07:30 - 2010-11-20 11:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-07-09 07:30 - 2010-11-20 11:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-07-09 07:30 - 2010-11-05 03:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2013-07-09 07:30 - 2010-11-05 03:57 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-07-09 07:29 - 2010-11-20 15:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2013-07-09 07:29 - 2010-11-20 15:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2013-07-09 07:29 - 2010-11-20 15:34 - 00046464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2013-07-09 07:29 - 2010-11-20 15:34 - 00034688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2013-07-09 07:29 - 2010-11-20 15:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2013-07-09 07:29 - 2010-11-20 15:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2013-07-09 07:29 - 2010-11-20 15:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2013-07-09 07:29 - 2010-11-20 15:33 - 00052096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2013-07-09 07:29 - 2010-11-20 15:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2013-07-09 07:29 - 2010-11-20 15:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2013-07-09 07:29 - 2010-11-20 15:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-07-09 07:29 - 2010-11-20 15:27 - 02146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 01672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2013-07-09 07:29 - 2010-11-20 15:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2013-07-09 07:29 - 2010-11-20 15:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-07-09 07:29 - 2010-11-20 15:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2013-07-09 07:29 - 2010-11-20 15:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2013-07-09 07:29 - 2010-11-20 15:25 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2013-07-09 07:29 - 2010-11-20 15:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-07-09 07:29 - 2010-11-20 15:24 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2013-07-09 07:29 - 2010-11-20 15:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-07-09 07:29 - 2010-11-20 15:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-07-09 07:29 - 2010-11-20 15:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2013-07-09 07:29 - 2010-11-20 15:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2013-07-09 07:29 - 2010-11-20 15:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2013-07-09 07:29 - 2010-11-20 15:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2013-07-09 07:29 - 2010-11-20 15:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2013-07-09 07:29 - 2010-11-20 15:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-07-09 07:29 - 2010-11-20 15:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2013-07-09 07:29 - 2010-11-20 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2013-07-09 07:29 - 2010-11-20 15:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2013-07-09 07:29 - 2010-11-20 15:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2013-07-09 07:29 - 2010-11-20 15:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2013-07-09 07:29 - 2010-11-20 14:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2013-07-09 07:29 - 2010-11-20 14:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2013-07-09 07:29 - 2010-11-20 14:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2013-07-09 07:29 - 2010-11-20 14:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2013-07-09 07:29 - 2010-11-20 14:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2013-07-09 07:29 - 2010-11-20 14:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-07-09 07:29 - 2010-11-20 14:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00093696 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2013-07-09 07:29 - 2010-11-20 14:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00438272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2013-07-09 07:29 - 2010-11-20 14:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2013-07-09 07:29 - 2010-11-20 14:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2013-07-09 07:29 - 2010-11-20 14:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2013-07-09 07:29 - 2010-11-20 14:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2013-07-09 07:29 - 2010-11-20 14:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-07-09 07:29 - 2010-11-20 14:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2013-07-09 07:29 - 2010-11-20 14:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2013-07-09 07:29 - 2010-11-20 14:16 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-07-09 07:29 - 2010-11-20 14:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
         

Antwort

Themen zu Brief von Telekom Abuse Team wegen Verdachts auf Hacking
7-zip, adblock, antivirus, bho, brief, computer, converter, error, festplatte, firefox, flash player, frage, helper, hijack, hijackthis, hängen, install.exe, logfile, mozilla, mp3, nexus, ntdll.dll, plug-in, registry, rundll, s3.amazonaws.com, scan, security, software, svchost.exe, teamspeak, virus, windows




Ähnliche Themen: Brief von Telekom Abuse Team wegen Verdachts auf Hacking


  1. Windows 7: Telekom Abuse-Team Mail wegen Zeus/ZBot
    Log-Analyse und Auswertung - 07.10.2015 (12)
  2. Email vom Abuse-Team der Telekom
    Plagegeister aller Art und deren Bekämpfung - 11.08.2015 (14)
  3. Bedep , Skinhole, Meldung Telekom Abuse Team
    Log-Analyse und Auswertung - 31.07.2015 (21)
  4. Brief von Telekom-Abuse-Team (Sinkhole)
    Log-Analyse und Auswertung - 01.07.2015 (7)
  5. Telekom Abuse Team - generic Trojaner/Virus
    Log-Analyse und Auswertung - 03.06.2015 (37)
  6. Deutsche Telekom Abuse-Team - Infektion: generic
    Plagegeister aller Art und deren Bekämpfung - 25.04.2015 (19)
  7. Telekom Abuse Team, Infektion: generic
    Plagegeister aller Art und deren Bekämpfung - 01.03.2015 (13)
  8. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Windows - 25.02.2015 (27)
  9. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Mac OSX & Linux - 20.02.2015 (9)
  10. Telekom Abuse Team E-Mail - generic Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (9)
  11. Sicherheitswarnung Telekom Abuse Team
    Log-Analyse und Auswertung - 10.02.2015 (13)
  12. Telekom Abuse Team Sicherheitswarnung: Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 09.01.2015 (23)
  13. Telekom Abuse Team warnt vor Bedrohung.
    Plagegeister aller Art und deren Bekämpfung - 31.12.2014 (13)
  14. Brief von Telekom Abuse Team erhalten- Spamversand.
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (18)
  15. Email von Telekom-Abuse-Team | Log-File anbei
    Log-Analyse und Auswertung - 14.02.2013 (11)
  16. Telekom Brief von Abuse-Team
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (9)
  17. Telekom Brief (per Post) vom Abuse Team - PC 1
    Log-Analyse und Auswertung - 26.10.2012 (8)

Zum Thema Brief von Telekom Abuse Team wegen Verdachts auf Hacking - Hallo, folgendes zur Situation. Bin Untermieter bei einem älteren Ehepaar und benutze auch den selben Internetanschluss. Die Vermieter haben den im Thema erwähnten Brief bekommen. Dort stand, dass von dem - Brief von Telekom Abuse Team wegen Verdachts auf Hacking...
Archiv
Du betrachtest: Brief von Telekom Abuse Team wegen Verdachts auf Hacking auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.