Windows 7: PC springt alle paar Minuten auf den Desktop

Lazy_Leroy · 23.09.2013, 14:56

Hallo liebes TrojanerBoard - Team,

vor 3 Tagen habe ich festgestellt, dass mein PC in recht regelmäßigen Zeitabständen auf den Desktop springt. Dies passiert sowohl in Spielen, sodass man aus diesen herausfliegt, als auch beim Surfen im Internet (wenn man zum Beispiel bei Google etwas eintippt springt man manchmal aus der Textbox und kann erst nach erneutem Daraufklicken weitertippen).
Ich habe vorsichtshalber mal einen Quickscan von Malwarebytes durchgeführt und gemerkt, dass ich scheinbar einen Haufen Malware auf dem Rechner habe. Da ihr mir hier schon mehrmals helfen konntet, würde ich gerne erneut um eure Hilfe bitten.

Zu den Logfiles:

Defogger - Logfile

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:04 on 23/09/2013 (Felix)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

FRST - Logfile

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by *** (administrator) on SPIELEPC on 23-09-2013 02:07:03
Running from C:\Users\***\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(Microsoft Corporation) C:\Windows\system32\DXPServer.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Program Files\Tor\tor.exe
() C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
() C:\Windows\system32\Drivers\BleServicesCtrl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {99550fc0-0fc7-11e0-8d18-806e6f6e6963} - D:\autorun.exe
MountPoints2: {a5b8701e-0bba-11e1-a82d-001d0997a44f} - E:\Autorun.exe
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_def_obla
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC7BB2A689FFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_def_obla
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119370&tt=190313_wctrl&babsrc=NT_ss&mntrId=3CACC03F0E442C07
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.de
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\searchplugins-backup
FF Extension: Battlefield Heroes Updater - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\plugin@videofiledownload.com
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: ciuvo-extension - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
R2 BitGuard; C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3029472 2013-09-13] ()
R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-24] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
R2 Windows Internet Name Service; C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [2665472 2013-09-08] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 DMSKSSRh; \??\C:\Users\***\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\***\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 02:06 - 2013-09-23 02:06 - 01088367 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-09-23 02:06 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 02:04 - 2013-09-23 02:05 - 00000524 _____ C:\Users\***\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-14 18:15 - 2013-09-14 18:15 - 00006654 _____ C:\Windows\PFRO.log
2013-09-14 00:30 - 2013-09-14 00:30 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 00:30 - 2013-09-14 00:30 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\***\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-30 12:31 - 2013-08-01 08:54 - 430133457 _____ C:\Users\***\Desktop\DSCN0648.MOV
2013-08-30 12:30 - 2013-08-01 11:32 - 72828534 _____ C:\Users\***\Desktop\DSCN0663.MOV
2013-08-27 23:12 - 2013-09-14 01:23 - 00000000 ____D C:\Windows\system32\dfrg
2013-08-26 18:49 - 2001-10-23 19:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 18:49 - 2001-10-22 16:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 18:49 - 2001-10-22 14:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 18:49 - 2001-10-19 14:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 18:33 - 2013-08-26 18:49 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-24 11:13 - 2013-08-24 11:13 - 00023456 _____ C:\Windows\system32\hs_err_pid3592.log
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor

==================== One Month Modified Files and Folders =======

2013-09-23 02:06 - 2013-09-23 02:06 - 01088367 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-09-23 02:06 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 02:06 - 2012-04-03 07:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 02:05 - 2013-09-23 02:04 - 00000524 _____ C:\Users\***\Desktop\defogger_disable.log
2013-09-23 02:04 - 2010-05-30 08:53 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-09-23 01:34 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 01:34 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 01:29 - 2012-09-25 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-23 01:29 - 2012-09-16 22:11 - 00000000 ___RD C:\Users\***\Dropbox
2013-09-23 01:29 - 2012-09-16 22:04 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-09-23 01:28 - 2013-08-09 01:43 - 00004010 _____ C:\Windows\setupact.log
2013-09-23 01:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-22 18:27 - 2012-02-23 20:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 18:27 - 2009-07-22 23:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 18:26 - 2010-08-26 00:58 - 00000000 ____D C:\Users\***\Documents\TrackMania
2013-09-22 18:23 - 2010-08-07 11:56 - 00000000 ___RD C:\Users\***\Desktop\***
2013-09-22 18:15 - 2010-08-26 00:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 14:03 - 2013-08-10 16:18 - 00008605 _____ C:\Windows\WindowsUpdate.log
2013-09-22 13:19 - 2011-11-11 18:27 - 00000000 ____D C:\Program Files\Steam
2013-09-22 12:31 - 2012-04-03 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-22 12:31 - 2011-06-10 23:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-20 13:04 - 2012-08-06 04:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 12:50 - 2013-04-12 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 09:39 - 2011-05-07 02:25 - 00001288 _____ C:\Users\***\Desktop\Opera.lnk
2013-09-19 09:12 - 2010-03-27 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 19:40 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-14 18:15 - 2013-09-14 18:15 - 00006654 _____ C:\Windows\PFRO.log
2013-09-14 01:23 - 2013-08-27 23:12 - 00000000 ____D C:\Windows\system32\dfrg
2013-09-14 00:30 - 2013-09-14 00:30 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 00:30 - 2013-09-14 00:30 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:41 - 2010-10-21 23:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:04 - 2012-05-14 17:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-05 15:41 - 2011-09-10 13:54 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-09-03 17:39 - 2013-01-27 13:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 17:39 - 2010-05-30 08:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-03 00:51 - 2010-10-04 00:49 - 00704260 _____ C:\Windows\system32\perfh013.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00702302 _____ C:\Windows\system32\perfh015.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00691606 _____ C:\Windows\system32\prfh0816.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00676264 _____ C:\Windows\system32\prfh0416.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00628960 _____ C:\Windows\system32\perfh01D.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00621616 _____ C:\Windows\system32\perfh01F.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00141260 _____ C:\Windows\system32\perfc015.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00139488 _____ C:\Windows\system32\prfc0816.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00138766 _____ C:\Windows\system32\perfc013.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00134040 _____ C:\Windows\system32\prfc0416.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00129170 _____ C:\Windows\system32\perfc01D.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00127408 _____ C:\Windows\system32\perfc01F.dat
2013-09-03 00:51 - 2010-10-03 03:24 - 00688088 _____ C:\Windows\system32\perfh019.dat
2013-09-03 00:51 - 2010-10-03 03:24 - 00138202 _____ C:\Windows\system32\perfc019.dat
2013-09-03 00:51 - 2010-10-03 03:14 - 00368066 _____ C:\Windows\system32\prfh0804.dat
2013-09-03 00:51 - 2010-10-03 03:14 - 00109180 _____ C:\Windows\system32\prfc0804.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00702298 _____ C:\Windows\system32\perfh010.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00407258 _____ C:\Windows\system32\perfh012.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00384368 _____ C:\Windows\system32\prfh0404.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00133098 _____ C:\Windows\system32\perfc010.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00109608 _____ C:\Windows\system32\perfc012.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00104266 _____ C:\Windows\system32\prfc0404.dat
2013-09-03 00:51 - 2010-10-02 08:05 - 00459844 _____ C:\Windows\system32\perfh014.dat
2013-09-03 00:51 - 2010-10-02 08:05 - 00082322 _____ C:\Windows\system32\perfc014.dat
2013-09-03 00:51 - 2010-05-30 02:35 - 00395950 _____ C:\Windows\system32\perfh011.dat
2013-09-03 00:51 - 2010-05-30 02:35 - 00111320 _____ C:\Windows\system32\perfc011.dat
2013-09-03 00:51 - 2009-11-10 20:44 - 16514046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\***\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-28 23:59 - 2012-12-09 00:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 15:23 - 2013-05-20 12:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 15:23 - 2013-05-20 12:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 18:49 - 2013-08-26 18:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 18:41 - 2008-05-05 21:17 - 00000000 ____D C:\Spiele
2013-08-26 18:40 - 2010-08-30 02:18 - 00021840 ____T C:\Windows\system32\SIntfNT.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00017212 ____T C:\Windows\system32\SIntf32.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00012067 ____T C:\Windows\system32\SIntf16.dll
2013-08-26 18:33 - 2010-05-30 10:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-24 11:13 - 2013-08-24 11:13 - 00023456 _____ C:\Windows\system32\hs_err_pid3592.log
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor

Files to move or delete:
====================
C:\ProgramData\roma1.exe


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\20130828031945487jniverify.dll
C:\Users\***\AppData\Local\Temp\20130828032209503jniverify.dll
C:\Users\***\AppData\Local\Temp\20130828032507628jniverify.dll
C:\Users\***\AppData\Local\Temp\SkypeSetup.exe
C:\Users\***\AppData\Local\Temp\swt-win32-3611.dll
C:\Users\***\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-21 12:55

==================== End Of Log ============================

Addition File

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by *** at 2013-09-23 02:07:24
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Anno 1701 (Version: 1.00)
ANNO 2070 (Version: 1.0.0.0)
Assassin's Creed(R) III v1.06 (Version: 1.06)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Audacity 2.0.2 (Version: 2.0.2)
BitGuard
Bloodline Champions
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner (Version: 4.04)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04063)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04063)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Defraggler (Version: 2.12)
Desktop Icon für Amazon (Version: 1.0.1 (de))
Diablo II
Diablo III (Version: 1.0.8.16603)
Dropbox (HKCU Version: 2.0.22)
Empire Earth
Free YouTube Download version 3.2.2.430 (Version: 3.2.2.430)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Freiwild-Tabs Version 1.2 (Version: 1.2)
Happy Cloud Client (HKCU Version: 1.342)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 5510 series - Grundlegende Software für das Gerät (Version: 24.0.342.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
IrfanView (remove only) (Version: 4.32)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 7 (Version: 1.7.0.70)
JavaFX 2.0.3 (Version: 2.0.3)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
League of Legends (Version: 1.02.0000)
Magicka
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 17.0.9 (x86 en-US) (Version: 17.0.9)
Mozilla Maintenance Service (Version: 17.0.9)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Native Instruments Abbey Road 60s Drums Vintage
Native Instruments Abbey Road 60s Drums Vintage (Version: 1.1.0.002)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.4.3.891)
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig Elements for Maschine
Native Instruments Guitar Rig Elements for Maschine (Version: 1.0.0.001)
Native Instruments Komplete Elements Mk2
Native Instruments Komplete Elements Mk2 (Version: 8.0.0.003)
Native Instruments Kontakt 5
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Kontakt Elements Selection R2
Native Instruments Kontakt Elements Selection R2 (Version: 1.1.0.003)
Native Instruments Maschine
Native Instruments Maschine (Version: 1.7.2.7746)
Native Instruments Maschine Controller
Native Instruments Maschine Controller (Version: 3.0.1.648)
Native Instruments Maschine Mikro
Native Instruments Maschine Mikro (Version: 3.0.2.664)
Native Instruments Reaktor 5
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor Elements Selection
Native Instruments Reaktor Elements Selection (Version: 1.1.0.003)
Native Instruments Reaktor Spark R2
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.3.2.926)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
nGlide 1.01 (Version: 1.01)
Oblivion (Version: 1.00.0000)
Octoshape add-in for Adobe Flash Player
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.16 (Version: 12.16.1860)
osu! (Version: 0.0.0.0)
Path of Exile (Version: 0.11.5.27504)
PunkBuster Services (Version: 0.991)
PVSonyDll (Version: 1.00.0001)
Sid Meier's Civilization V
simplitec simplicheck (Version: 1.2.2.0)
Skype™ 6.6 (Version: 6.6.106)
SPEEDLINK REFLECT (Version: 1.0.3.5)
SpellForce (Version: SpellForce v1.52)
StarCraft II (Version: 2.0.6.25180)
Steam (Version: 1.0.0.0)
The Secret World (Version: 1.0.0)
Titan Quest (Version: 1.00.0000)
TuxGuitar (Version: 1.2)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.0)
VLC media player 2.0.1 (Version: 2.0.1)
Warcraft III
Warcraft III: All Products
WinDirStat 1.1.2
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR
Wireshark 1.8.6 (32-bit) (Version: 1.8.6)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159)
World of Tanks v.0.6.6
XCOM: Enemy Unknown
Zip Motion Block Video codec (Remove Only)

==================== Restore Points  =========================

26-08-2013 16:28:55 Installiert Empire Earth
26-08-2013 16:36:51 Entfernt Empire Earth
26-08-2013 16:37:44 Installiert Empire Earth
26-08-2013 16:38:57 Entfernt Empire Earth
26-08-2013 16:42:04 Installiert Empire Earth
26-08-2013 16:47:08 Entfernt Empire Earth
26-08-2013 16:48:56 Installiert Empire Earth
05-09-2013 13:04:27 Geplanter Prüfpunkt
15-09-2013 14:23:53 Geplanter Prüfpunkt
21-09-2013 23:14:21 Installed Path of Exile

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A907A1F-E47D-49E9-8EE2-8D10221D591D} - System32\Tasks\{0422B9AF-031C-4C49-BFE0-54C8AD664AAA} => C:\Spiele\The Witcher\launcher.exe
Task: {166C1CA1-2393-451A-9762-B7E716BE488B} - System32\Tasks\{56312B0D-6489-43C3-8208-53E30F3BBEB3} => C:\Spiele\The Witcher\launcher.exe
Task: {25853F21-CCFA-464A-9298-B2298586222A} - System32\Tasks\{BD1331B9-6EB3-46C9-9E98-A2835D67B60A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {3E8A2A7B-4041-4097-B3CC-289BF3F7D153} - System32\Tasks\{4C9EB581-77A3-42B1-AB33-FC6A767AC9C3} => C:\Spiele\The Witcher\System\witcher.exe
Task: {4B72A692-B3C8-40A6-8368-7A994AEF4232} - System32\Tasks\{B996A4D1-2CD1-45D7-9BEE-DB6BB3CBEF53} => C:\Spiele\The Witcher\launcher.exe
Task: {52C0736F-9FDD-434A-B2D9-D337F47DBD20} - System32\Tasks\{3B585831-C76C-4AE0-AFCC-99DB728E4D14} => D:\INSTALL.EXE
Task: {55DD84C3-35F9-4063-8A58-4EA5F3AFFE33} - System32\Tasks\{6DB36E90-1E4E-44F7-A658-8E036A02B52F} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {5AA6A74A-A043-45BF-96E9-53B2DB70AFDB} - System32\Tasks\{6F773618-B8E6-46F6-82DD-3567FF121BC5} => D:\SETUP.EXE [2001-04-11] (InstallShield Software Corporation)
Task: {6E3BB79F-05EC-4268-BF19-0AB064C4F5CC} - System32\Tasks\{55982C84-23FD-4F2C-BEA7-FC6F48196F30} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {78E3EFBE-849B-41C7-9A1B-AB60580BC225} - System32\Tasks\CPU Grid Computing => C:\Windows\system32\dfrg\runner.exe [2013-09-09] ()
Task: {8610BE2B-E867-4964-ACB5-BECEB8B08721} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {866C9273-1F45-4057-B647-B1A3067BF088} - System32\Tasks\{AFC9A184-CD88-4DAD-B032-9FCEAE6D391E} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {8ACD8913-B832-434C-8DD8-EB4747FD1C62} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {8FE2C943-7432-46B1-B6B9-1E374061BFBA} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {9194A344-D52E-4A51-B2FB-C6F70B28DEFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {92636CD8-1085-43C4-AA9B-EFB6AC0DBA40} - System32\Tasks\{A4029463-7890-495D-8E3A-278333F8AC6F} => C:\Spiele\Diablo\Spawn\diablo_s.exe
Task: {9F97A3F0-0930-44CF-82DA-186A12C4EC69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A1C12979-CBB4-458C-8440-F4BC9FABA5CF} - System32\Tasks\{8D770AAD-FB4D-4FDD-A3C7-38AD4AA18709} => C:\Spiele\Diablo\Spawn\diablo_s.exe
Task: {A7123E14-E753-453E-8902-EF2A187E41E3} - System32\Tasks\{22996621-E603-444B-9F77-CE09E83A2001} => C:\Spiele\The Witcher\launcher.exe
Task: {AC672A8B-69D3-4E01-8CB0-88159A237B49} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe [2013-09-16] ()
Task: {C49BBBA5-2DE3-4435-9FE9-1A57C7F655A8} - System32\Tasks\{03F0A3CC-4DBD-4B95-98EF-9CEC49750E5C} => C:\Spiele\The Witcher\launcher.exe
Task: {CAF62A1B-ADD7-47A0-8D2F-8981E7C820DE} - System32\Tasks\{4C683D8F-0E78-4E30-BC59-9D169771431E} => C:\Spiele\The Witcher\launcher.exe
Task: {CF22565C-777A-4260-8DD5-09691B737FDA} - System32\Tasks\{26EEB8BA-8987-430E-9872-BBE7FC92E42D} => C:\Spiele\The Witcher\System\witcher.exe
Task: {D4515222-FBCB-4DD5-8923-8BD35141D761} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {E5D6F25E-8D62-41E3-8B36-890CB2DA3C63} - System32\Tasks\{ECF4F5EB-0A63-48AC-BA0E-88C37D8DA43D} => C:\Users\***\Desktop\visualboy_advance\VisualBoyAdvance.exe
Task: {F8B9AD3E-4D53-4B28-A907-290580332F0A} - System32\Tasks\{05835C77-3FEC-4075-9398-16ABF335D36A} => C:\Spiele\The Witcher\launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 00:30 - 2013-09-13 17:00 - 02700768 _____ () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-05-17 16:45 - 2013-05-17 16:45 - 00130736 _____ (Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2011-03-31 00:01 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-04-13 12:26 - 2012-11-07 08:08 - 00162656 _____ (Piriform Ltd) C:\Program Files\Defraggler\DefragglerShell.dll
2012-08-19 23:38 - 2012-08-19 23:38 - 00107888 _____ (Sony DADC Austria AG.) C:\Windows\system32\CmdLineExt.dll
2013-07-19 23:29 - 2013-07-19 23:29 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2009-03-04 09:52 - 2009-03-04 09:52 - 00372736 _____ () C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
2008-12-29 17:13 - 2008-12-29 17:13 - 00204800 _____ () C:\Program Files\NETGEAR\WG111v3\KJLog.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\***\AppData\Roaming\Dropbox\bin\icudt.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 16192864 _____ (Opera Software) C:\Program Files\Opera\Opera.dll
2010-12-15 15:49 - 2013-07-06 12:07 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-08 14:34 - 2013-07-06 12:07 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
2013-09-22 12:31 - 2013-09-22 12:31 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2013 02:06:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003419b
ID des fehlerhaften Prozesses: 0x4d4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3

Error: (09/23/2013 02:05:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007d77b0
ID des fehlerhaften Prozesses: 0x1128
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 02:02:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005d77b0
ID des fehlerhaften Prozesses: 0x12a0
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 02:00:01 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006677b0
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:57:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007277b0
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:54:51 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006277b0
ID des fehlerhaften Prozesses: 0x11c0
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:52:15 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00c177b0
ID des fehlerhaften Prozesses: 0xcec
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:49:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004e77b0
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:47:06 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007d77b0
ID des fehlerhaften Prozesses: 0x648
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/23/2013 01:44:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006d77b0
ID des fehlerhaften Prozesses: 0xc24
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3


System errors:
=============
Error: (09/23/2013 02:05:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 14 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 02:02:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 13 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 02:00:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 12 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:57:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 11 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:54:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 10 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:52:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 9 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:49:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 8 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:47:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 7 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:44:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 6 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2013 01:41:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.475
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3070.18 MB
Available physical RAM: 1622.52 MB
Total Pagefile: 6138.64 MB
Available Pagefile: 4403.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:462.4 GB) (Free:47.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EEARTH) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 23F12D67)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=462 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================

GMER ist im normalen Modus direkt abgestürzt, der Scan im abgesicherten Modus ist jedoch durchgelaufen.

GMER - Logfile

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-23 08:42:57
Windows 6.1.7601 Service Pack 1 
Running: gmer_2.1.19163.exe; Driver: C:\Users\Felix\AppData\Local\Temp\pwloypow.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xD3 0x99 0xFA 0xE0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x03 0x88 0xD0 0xD4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB1 0x3C 0x6F 0x25 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xD7 0xBD 0x80 0x2F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0xD7 0x11 0xF9 0xDD ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                0x9D 0xDB 0x5A 0xE2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xD3 0x99 0xFA 0xE0 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x03 0x88 0xD0 0xD4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB1 0x3C 0x6F 0x25 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xD7 0xBD 0x80 0x2F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0xD7 0x11 0xF9 0xDD ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                    0x9D 0xDB 0x5A 0xE2 ...

---- EOF - GMER 2.1 ----

Zuletzt noch die Logfile vom Malwarebytes Quickscan

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: SPIELEPC [Administrator]

23/09/2013 01:31:51
MBAM-log-2013-09-23 (01-52-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225272
Laufzeit: 15 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 4
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 2012 -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 384 -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 2464 -> Keine Aktion durchgeführt.
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> 2216 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 13
HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service (Trojan.Downloader.WI) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IMINENT (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://search.babylon.com/?babsrc=HP_def_obla -> Keine Aktion durchgeführt.
HKCU\Software\Iminent|SearchEngineOptin (PUP.Optional.Iminent.A) -> Daten: 0 -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0G2Y1R2X0G1M2S1M0G1S1H -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Daten: C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service|ImagePath (Trojan.P2P) -> Daten: C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.PerformerSoft.A) -> Bösartig: (c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll) Gut: () -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 13
C:\Users\***\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\08E2BB1C0D724807BC14BC4565A6B31F (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\2B9CBF878CE84AAEA0E7DB3FD9C39FBB (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\BE31DD9121D347D9BFF8B25D9A11032D (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 33
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\AC94.tmp (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\08E2BB1C0D724807BC14BC4565A6B31F\TuneUpUtilities2013_2200350_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\2B9CBF878CE84AAEA0E7DB3FD9C39FBB\driverscannerDE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\OpenCandy\BE31DD9121D347D9BFF8B25D9A11032D\speedupmypcROE_p1v1.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Keine Aktion durchgeführt.

(Ende)

Ich war mir bei dem Quickscan nicht sicher, ob ich gleich Sachen löschen sollte und habe das dann vorerst gelassen (Ich hoffe, dass das kein Fehler war).
So, ich hoffe ich habe nichts vergessen.

In Hoffnung daran, dass man das wieder geradebiegen kann und mit vielen Grüßen
Felix

aharonov · 23.09.2013, 15:18

Hallo Felix,

fang bitte so an:

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
- BitGuard
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 4

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Lazy_Leroy · 23.09.2013, 16:38

Hi Leo,

danke für die schnelle Antwort!

Ein Neustart nach dem deinstallieren von BitGuard wurde nicht gefordert.

Adwcleaner - Logfile

Code:

ATTFilter

# AdwCleaner v3.005 - Bericht erstellt am 23/09/2013 um 16:24:35
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Felix - SPIELEPC
# Gestartet von : C:\Users\Felix\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\Program Files\simplitec
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKCU\Software\58558f8abc3abd10
Schlüssel Gelöscht : HKLM\SOFTWARE\58558f8abc3abd10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader68260_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader68260_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiosurf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audiosurf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_exteel_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_exteel_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_icacheman_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_icacheman_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16448

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v17.0.9 (en-US)

[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119370&tt=190313_wctrl&babsrc=HP_ss&mntrId=3CACC03F0E442C07");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119370&tt=190313_wctrl&babsrc=NT_ss&mntrId=3CACC03F0E442C07");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1323781889);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "youtube||miniclip||clearcase%20remote%20client%20wikipedia%20crc||clearcase%20remote%20client%20wikipedia||clearcase%20remote%20client||C%3A%5Ccrc.exe||do%20a%20barrel[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1318003512");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.24");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "131756193213175620811318003512169");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1323781892);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.3.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");

*************************

AdwCleaner[R0].txt - [13497 octets] - [23/09/2013 16:23:20]
AdwCleaner[S0].txt - [13276 octets] - [23/09/2013 16:24:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13337 octets] ##########

Combofix hat rumgemeckert, dass ich Avira Desktop ausmachen soll, obwohl ich Avira schon lange nicht mehr installiert habe.

Combofix - Logfile

Code:

ATTFilter

ComboFix 13-09-23.02 - Felix 23/09/2013  16:55:06.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.1642 [GMT 2:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Felix\AppData\Local\assembly\tmp
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\system32\dfrg
c:\windows\system32\dfrg\bitcoinminercuda_10.cubin
c:\windows\system32\dfrg\bitcoinminercuda_11.cubin
c:\windows\system32\dfrg\bitcoinminercuda_20.cubin
c:\windows\system32\dfrg\bitcoinminercuda_30.cubin
c:\windows\system32\dfrg\bitcoinmineropencl.cl
c:\windows\system32\dfrg\btc-miner.exe
c:\windows\system32\dfrg\libcrypto.dll
c:\windows\system32\dfrg\libcurl-4.dll
c:\windows\system32\dfrg\libssl.dll
c:\windows\system32\dfrg\minerd.exe
c:\windows\system32\dfrg\pthreadGC2.dll
c:\windows\system32\dfrg\runner.exe
c:\windows\system32\dfrg\task_registrar.exe
c:\windows\system32\dfrg\zlib1.dll
c:\windows\system32\pt
c:\windows\system32\pt\AuthFWSnapIn.Resources.dll
c:\windows\system32\pt\AuthFWWizFwk.Resources.dll
c:\windows\system32\pt\Narrator.resources.dll
c:\windows\unin0407.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Windows Internet Name Service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-23 bis 2013-09-23  ))))))))))))))))))))))))))))))
.
.
2013-09-23 15:06 . 2013-09-23 15:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-23 14:23 . 2013-09-23 14:24	--------	d-----w-	C:\AdwCleaner
2013-09-23 00:33 . 2013-09-23 00:33	103680	----a-w-	C:\pwloypow.sys
2013-09-23 00:06 . 2013-09-23 00:06	--------	d-----w-	C:\FRST
2013-09-16 15:47 . 2013-09-16 15:47	335872	----a-w-	c:\windows\system32\drivers\blds.exe
2013-09-16 15:47 . 2013-09-16 15:47	335872	----a-w-	c:\windows\system32\drivers\BleServicesCtrl.exe
2013-09-05 14:04 . 2013-09-05 14:04	209272	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-08-26 16:49 . 2001-10-22 14:46	57344	------w-	c:\windows\Launcher.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 10:31 . 2012-04-03 05:51	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:31 . 2011-06-10 21:43	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-26 16:40 . 2010-08-30 00:18	21840	----atw-	c:\windows\system32\SIntfNT.dll
2013-08-26 16:40 . 2010-08-30 00:18	17212	----atw-	c:\windows\system32\SIntf32.dll
2013-08-26 16:40 . 2010-08-30 00:18	12067	----atw-	c:\windows\system32\SIntf16.dll
2013-07-19 21:29 . 2013-07-19 21:29	11152	----a-w-	c:\windows\system32\vpncategories.dll
2013-07-19 21:29 . 2013-07-19 21:29	34192	----a-w-	c:\windows\system32\vpnevents.dll
2013-07-19 21:12 . 2013-07-19 21:12	43120	----a-w-	c:\windows\system32\drivers\vpnva-6.sys
2013-07-19 21:10 . 2013-03-26 15:18	92112	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-07-03 21:43 . 2013-07-03 21:43	70025	----a-w-	c:\windows\system32\nglide_uninst.exe
2013-07-03 20:43 . 2013-07-03 20:43	4608	----a-w-	c:\windows\system32\w95inf32.dll
2013-07-03 20:43 . 2013-07-03 20:43	2272	----a-w-	c:\windows\system32\w95inf16.dll
2013-09-19 07:12 . 2012-03-15 19:05	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-07-19 703888]
.
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
backup=c:\windows\pss\simplicheck.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2013-07-19 21:29	703888	----a-w-	c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17	3514176	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5510 series (NET)]
2011-05-25 15:23	1801064	----a-w-	c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58	19875432	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-09-06 20:55	1811368	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-07-19 92112]
R3 DMSKSSRh;DMSKSSRh;c:\users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 mmxavs;Maschine Mikro MIDI;c:\windows\system32\Drivers\mmxavs.sys [2011-09-15 346192]
R3 mmxusb_svc;Maschine Mikro;c:\windows\system32\Drivers\mmxusb.sys [2011-09-15 46160]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBET;SPEEDLINK REFLECT;c:\windows\system32\DRIVERS\ETdrv.sys [2010-11-10 5116544]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-10 239168]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 43608]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 144344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 bthsrv;Bluetooth Service;c:\windows\system32\Drivers\BleServicesCtrl.exe [2013-09-16 335872]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 4176896]
S2 tor;Tor Win32 Service;c:\program files\Tor\tor.exe [2013-08-24 3233806]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-07-19 557968]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-25 25944]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-25 25944]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-ICQ - c:\programme\ICQ7.5\ICQ.exe
MSConfigStartUp-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
AddRemove-Opera 12.16.1860 - c:\programme\Opera\Opera.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Felix\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,13,cf,
   08,93,b9,e4,06,b9,94,a5,08,8b,6d,fe,de
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1b,d8,
   cb,7b,f5,3c,07,a0,76,c3,7a,c6,86,cb,b4
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,3b,1b,06,20,4f,
   95,0c,3c,81,0b,96,54,e4,e9,92,db,d3,5b
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,24,06,
   ee,27,48,30,06,be,82,a0,05,ff,99,ad,d6
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cf,20,
   80,3c,1d,d8,0e,92,ce,0e,3b,71,4b,20,db
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2a,95,
   62,fb,61,45,09,ab,fb,54,e3,1a,7b,e0,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,01,44,
   3a,c8,0a,02,02,b4,a1,90,f6,60,6d,01,8c
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,85,15,
   ef,64,9d,49,0a,a3,39,c9,b6,2e,95,16,1e
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c5,fa,
   ad,5b,93,b7,55,a0,ef,5f,ff,ce,49,f6,12
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,20,3d,
   5d,80,38,1d,03,8c,f7,a2,84,02,76,3a,68
"{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,63,d7,74,
   45,99,be,d8,08,8d,88,03,a8,fc,fc,bc,52
"{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,3b,1b,65,4e,55,
   63,32,b5,5b,07,8b,86,98,d2,c0,35,57,48
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8c,04,
   66,ce,87,4b,02,aa,e9,8b,85,f6,9a,6e,5e
"{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,3b,1b,33,16,7d,
   8e,4c,6c,f3,0e,b2,1d,72,49,71,67,a0,c4
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,ed,2c,
   f3,7b,88,7d,02,9f,f2,de,c0,71,e2,da,e5
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,3b,1b,59,30,83,
   fe,fe,84,7e,09,bf,d8,91,57,4e,66,ce,fb
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*g*rÙU\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o* VÙU]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o* VÙU\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4b,48,46,b1,cc,a4,97,19,36,e8,66,f7,b2,8f,65,a0,62,7d,df,ef,f6,48,88,
   ba,cc,3d,0e,3c,39,e8,fd,20,9f,86,e4,c5,14,21,a5,a2,62,c9,72,96,51,39,56,7a,\
"??"=hex:f3,1b,4a,34,c1,28,f9,e6,ad,a0,25,ec,44,26,f3,a4
.
[HKEY_USERS\S-1-5-21-529928909-2706153754-3368399630-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,25,9c,97,f9,02,a5,8c,03,c6,2f,cb,4d,35,ec,6b,b1,4c,04,43,0b,
   b2,0c,c5,4c,c4,58,e6,05,66,79,97,72,87,35,6d,79,40,89,f5,84,24,23,a1,57,58,\
"rkeysecu"=hex:09,7d,86,71,0b,db,82,78,43,8b,ab,97,5c,1e,98,14
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5428)
c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-23  17:22:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-23 15:22
.
Vor Suchlauf: 20 Verzeichnis(se), 53.049.729.024 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 52.764.356.608 Bytes frei
.
- - End Of File - - 79A8D3F32B8287B59A505DC239FBBAE1
A36C5E4F47E84449FF07ED3517B43A31

Zuletzt noch die FRST - Logfile

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by Felix (administrator) on SPIELEPC on 23-09-2013 17:25:19
Running from C:\Users\Felix\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Windows\system32\Drivers\BleServicesCtrl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC7BB2A689FFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\searchplugins-backup
FF Extension: Battlefield Heroes Updater - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\plugin@videofiledownload.com
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF Extension: ciuvo-extension - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-24] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Felix\AppData\Local\Temp\catchme.sys [x]
S3 DMSKSSRh; \??\C:\Users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\Felix\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 mbr; \??\C:\Users\Felix\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 16:49 - 2013-09-23 17:22 - 00000000 ____D C:\ComboFix
2013-09-23 16:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 16:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 16:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 16:48 - 2013-09-23 17:22 - 00000000 ____D C:\Qoobox
2013-09-23 16:37 - 2013-09-23 16:39 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:23 - 2013-09-23 16:24 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:07 - 2013-09-23 15:43 - 00030268 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-23 02:06 - 2013-09-23 02:06 - 01088367 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-23 02:06 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 02:04 - 2013-09-23 02:05 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-14 18:15 - 2013-09-23 17:07 - 00016446 _____ C:\Windows\PFRO.log
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-30 12:31 - 2013-08-01 08:54 - 430133457 _____ C:\Users\Felix\Desktop\DSCN0648.MOV
2013-08-30 12:30 - 2013-08-01 11:32 - 72828534 _____ C:\Users\Felix\Desktop\DSCN0663.MOV
2013-08-26 18:49 - 2001-10-23 19:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 18:49 - 2001-10-22 16:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 18:49 - 2001-10-22 14:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 18:49 - 2001-10-19 14:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 18:33 - 2013-08-26 18:49 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-24 11:13 - 2013-08-24 11:13 - 00023456 _____ C:\Windows\system32\hs_err_pid3592.log
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor

==================== One Month Modified Files and Folders =======

2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 17:22 - 2013-09-23 16:49 - 00000000 ____D C:\ComboFix
2013-09-23 17:22 - 2013-09-23 16:48 - 00000000 ____D C:\Qoobox
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-23 17:20 - 2011-05-12 20:50 - 00000000 ____D C:\Windows\ERDNT
2013-09-23 17:20 - 2010-05-30 08:53 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-09-23 17:14 - 2013-08-10 16:18 - 00055129 _____ C:\Windows\WindowsUpdate.log
2013-09-23 17:13 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:13 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:11 - 2012-09-16 22:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-09-23 17:09 - 2012-09-16 22:11 - 00000000 ___RD C:\Users\Felix\Dropbox
2013-09-23 17:08 - 2012-09-25 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-23 17:08 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 17:07 - 2013-09-14 18:15 - 00016446 _____ C:\Windows\PFRO.log
2013-09-23 17:07 - 2013-08-09 01:43 - 00004178 _____ C:\Windows\setupact.log
2013-09-23 17:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 17:07 - 2009-07-14 04:03 - 99090432 _____ C:\Windows\system32\config\software.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 19660800 _____ C:\Windows\system32\config\system.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00069632 _____ C:\Windows\system32\config\sam.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-23 17:06 - 2012-04-03 07:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 16:39 - 2013-09-23 16:37 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:24 - 2013-09-23 16:23 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:24 - 2010-05-30 10:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 15:43 - 2013-09-23 02:07 - 00030268 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:06 - 2013-09-23 02:06 - 01088367 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-23 02:06 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 02:05 - 2013-09-23 02:04 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 18:27 - 2012-02-23 20:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 18:27 - 2009-07-22 23:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 18:26 - 2010-08-26 00:58 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-09-22 18:23 - 2010-08-07 11:56 - 00000000 ___RD C:\Users\Felix\Desktop\Felix
2013-09-22 18:15 - 2010-08-26 00:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 13:19 - 2011-11-11 18:27 - 00000000 ____D C:\Program Files\Steam
2013-09-22 12:31 - 2012-04-03 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-22 12:31 - 2011-06-10 23:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-20 13:04 - 2012-08-06 04:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 12:50 - 2013-04-12 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 09:39 - 2011-05-07 02:25 - 00001288 _____ C:\Users\Felix\Desktop\Opera.lnk
2013-09-19 09:12 - 2010-03-27 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 19:40 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:41 - 2010-10-21 23:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:04 - 2012-05-14 17:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-05 15:41 - 2011-09-10 13:54 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2013-09-03 17:39 - 2013-01-27 13:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 17:39 - 2010-05-30 08:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-03 00:51 - 2010-10-04 00:49 - 00704260 _____ C:\Windows\system32\perfh013.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00702302 _____ C:\Windows\system32\perfh015.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00691606 _____ C:\Windows\system32\prfh0816.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00676264 _____ C:\Windows\system32\prfh0416.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00628960 _____ C:\Windows\system32\perfh01D.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00621616 _____ C:\Windows\system32\perfh01F.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00141260 _____ C:\Windows\system32\perfc015.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00139488 _____ C:\Windows\system32\prfc0816.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00138766 _____ C:\Windows\system32\perfc013.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00134040 _____ C:\Windows\system32\prfc0416.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00129170 _____ C:\Windows\system32\perfc01D.dat
2013-09-03 00:51 - 2010-10-04 00:49 - 00127408 _____ C:\Windows\system32\perfc01F.dat
2013-09-03 00:51 - 2010-10-03 03:24 - 00688088 _____ C:\Windows\system32\perfh019.dat
2013-09-03 00:51 - 2010-10-03 03:24 - 00138202 _____ C:\Windows\system32\perfc019.dat
2013-09-03 00:51 - 2010-10-03 03:14 - 00368066 _____ C:\Windows\system32\prfh0804.dat
2013-09-03 00:51 - 2010-10-03 03:14 - 00109180 _____ C:\Windows\system32\prfc0804.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00702298 _____ C:\Windows\system32\perfh010.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00407258 _____ C:\Windows\system32\perfh012.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00384368 _____ C:\Windows\system32\prfh0404.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00133098 _____ C:\Windows\system32\perfc010.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00109608 _____ C:\Windows\system32\perfc012.dat
2013-09-03 00:51 - 2010-10-02 11:03 - 00104266 _____ C:\Windows\system32\prfc0404.dat
2013-09-03 00:51 - 2010-10-02 08:05 - 00459844 _____ C:\Windows\system32\perfh014.dat
2013-09-03 00:51 - 2010-10-02 08:05 - 00082322 _____ C:\Windows\system32\perfc014.dat
2013-09-03 00:51 - 2010-05-30 02:35 - 00395950 _____ C:\Windows\system32\perfh011.dat
2013-09-03 00:51 - 2010-05-30 02:35 - 00111320 _____ C:\Windows\system32\perfc011.dat
2013-09-03 00:51 - 2009-11-10 20:44 - 16514046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-28 23:59 - 2012-12-09 00:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 15:23 - 2013-05-20 12:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 15:23 - 2013-05-20 12:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 18:49 - 2013-08-26 18:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 18:41 - 2008-05-05 21:17 - 00000000 ____D C:\Spiele
2013-08-26 18:40 - 2010-08-30 02:18 - 00021840 ____T C:\Windows\system32\SIntfNT.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00017212 ____T C:\Windows\system32\SIntf32.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00012067 ____T C:\Windows\system32\SIntf16.dll
2013-08-26 18:33 - 2010-05-30 10:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-24 11:13 - 2013-08-24 11:13 - 00023456 _____ C:\Windows\system32\hs_err_pid3592.log
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor

Files to move or delete:
====================
C:\ProgramData\roma1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-21 12:55

==================== End Of Log ============================

Gruß Felix

aharonov · 23.09.2013, 16:50

Hallo Felix,

das passt so. Jetzt lass uns noch schnell einen Blick von aussen drauf werfen:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Lazy_Leroy · 23.09.2013, 17:08

Hallo Leo,

das hat alles sehr gut geklappt, jedoch kam bei mir keine Anfrage vom Disclaimer.
Hier die FRST - Logfile

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by SYSTEM on MININT-RKAPQMN on 23-09-2013 18:00:35
Running from E:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKU\Felix\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
S2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
S2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-24] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Felix\AppData\Local\Temp\catchme.sys [x]
S3 DMSKSSRh; \??\C:\Users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\Felix\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 16:25 - 2013-09-23 16:25 - 00026156 _____ C:\Users\Felix\Desktop\FRST.txt
2013-09-23 16:22 - 2013-09-23 16:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 15:49 - 2013-09-23 16:22 - 00000000 ____D C:\ComboFix
2013-09-23 15:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 15:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 15:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 15:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 15:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 15:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 15:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 15:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 15:48 - 2013-09-23 16:22 - 00000000 ____D C:\Qoobox
2013-09-23 15:37 - 2013-09-23 15:39 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 15:31 - 2013-09-23 15:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 15:23 - 2013-09-23 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-23 15:22 - 2013-09-23 15:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 14:44 - 2013-09-23 14:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 01:33 - 2013-09-23 01:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 01:16 - 2013-09-23 01:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 01:07 - 2013-09-23 14:43 - 00030268 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-23 01:06 - 2013-09-23 16:54 - 01088367 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-23 01:06 - 2013-09-23 01:06 - 00000000 ____D C:\FRST
2013-09-23 01:04 - 2013-09-23 01:05 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 01:03 - 2013-09-23 01:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 00:16 - 2013-09-22 00:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-21 23:43 - 2013-09-21 23:43 - 00023654 _____ C:\Windows\System32\hs_err_pid896.log
2013-09-16 16:47 - 2013-09-16 16:47 - 00335872 _____ C:\Windows\System32\Drivers\BleServicesCtrl.exe
2013-09-16 16:47 - 2013-09-16 16:47 - 00335872 _____ C:\Windows\System32\Drivers\blds.exe
2013-09-14 17:15 - 2013-09-23 16:07 - 00016446 _____ C:\Windows\PFRO.log
2013-09-12 19:41 - 2013-09-12 19:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 19:40 - 2013-09-12 19:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-01 23:29 - 2013-09-01 23:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 16:43 - 2013-08-31 16:43 - 00023822 _____ C:\Windows\System32\hs_err_pid1544.log
2013-08-30 11:31 - 2013-08-01 07:54 - 430133457 _____ C:\Users\Felix\Desktop\DSCN0648.MOV
2013-08-30 11:30 - 2013-08-01 10:32 - 72828534 _____ C:\Users\Felix\Desktop\DSCN0663.MOV
2013-08-26 17:49 - 2001-10-23 18:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 17:49 - 2001-10-22 15:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 17:49 - 2001-10-22 13:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 17:49 - 2001-10-19 13:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 17:33 - 2013-08-26 17:49 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-24 10:13 - 2013-08-24 10:13 - 00023456 _____ C:\Windows\System32\hs_err_pid3592.log
2013-08-24 10:09 - 2013-08-24 10:09 - 00000000 ____D C:\Program Files\Tor

==================== One Month Modified Files and Folders =======

2013-09-23 16:58 - 2013-08-10 15:18 - 01227311 _____ C:\Windows\WindowsUpdate.log
2013-09-23 16:54 - 2013-09-23 01:06 - 01088367 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-23 16:46 - 2011-09-10 12:54 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2013-09-23 16:43 - 2010-05-30 07:53 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-09-23 16:25 - 2013-09-23 16:25 - 00026156 _____ C:\Users\Felix\Desktop\FRST.txt
2013-09-23 16:25 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 16:25 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 16:22 - 2013-09-23 16:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 16:22 - 2013-09-23 15:49 - 00000000 ____D C:\ComboFix
2013-09-23 16:22 - 2013-09-23 15:48 - 00000000 ____D C:\Qoobox
2013-09-23 16:22 - 2009-07-14 03:37 - 00000000 __RHD C:\users\Default
2013-09-23 16:22 - 2009-07-14 03:37 - 00000000 ___RD C:\users\Public
2013-09-23 16:20 - 2011-05-12 19:50 - 00000000 ____D C:\Windows\ERDNT
2013-09-23 16:11 - 2012-09-16 21:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-09-23 16:09 - 2012-09-16 21:11 - 00000000 ___RD C:\Users\Felix\Dropbox
2013-09-23 16:08 - 2012-09-25 15:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-23 16:08 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 16:07 - 2013-09-14 17:15 - 00016446 _____ C:\Windows\PFRO.log
2013-09-23 16:07 - 2013-08-09 00:43 - 00004178 _____ C:\Windows\setupact.log
2013-09-23 16:07 - 2009-07-14 03:03 - 99090432 _____ C:\Windows\System32\config\software.bak
2013-09-23 16:07 - 2009-07-14 03:03 - 19660800 _____ C:\Windows\System32\config\system.bak
2013-09-23 16:07 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\System32\config\default.bak
2013-09-23 16:07 - 2009-07-14 03:03 - 00069632 _____ C:\Windows\System32\config\sam.bak
2013-09-23 16:07 - 2009-07-14 03:03 - 00028672 _____ C:\Windows\System32\config\security.bak
2013-09-23 15:39 - 2013-09-23 15:37 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 15:31 - 2013-09-23 15:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 15:24 - 2013-09-23 15:23 - 00000000 ____D C:\AdwCleaner
2013-09-23 15:24 - 2010-05-30 09:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-23 15:22 - 2013-09-23 15:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 14:44 - 2013-09-23 14:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 14:43 - 2013-09-23 01:07 - 00030268 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-23 01:33 - 2013-09-23 01:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 01:16 - 2013-09-23 01:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 01:06 - 2013-09-23 01:06 - 00000000 ____D C:\FRST
2013-09-23 01:05 - 2013-09-23 01:04 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 01:03 - 2013-09-23 01:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 17:27 - 2012-02-23 19:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 17:27 - 2009-07-22 22:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 17:26 - 2010-08-25 23:58 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-09-22 17:23 - 2010-08-07 10:56 - 00000000 ___RD C:\Users\Felix\Desktop\Felix
2013-09-22 17:15 - 2010-08-25 23:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 12:19 - 2011-11-11 17:27 - 00000000 ____D C:\Program Files\Steam
2013-09-22 11:31 - 2012-04-03 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-22 11:31 - 2011-06-10 22:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-22 00:16 - 2013-09-22 00:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-21 23:43 - 2013-09-21 23:43 - 00023654 _____ C:\Windows\System32\hs_err_pid896.log
2013-09-20 12:04 - 2012-08-06 03:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 11:50 - 2013-04-12 17:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 08:39 - 2011-05-07 01:25 - 00001288 _____ C:\Users\Felix\Desktop\Opera.lnk
2013-09-19 08:12 - 2010-03-27 15:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-16 16:47 - 2013-09-16 16:47 - 00335872 _____ C:\Windows\System32\Drivers\BleServicesCtrl.exe
2013-09-16 16:47 - 2013-09-16 16:47 - 00335872 _____ C:\Windows\System32\Drivers\blds.exe
2013-09-12 19:41 - 2013-09-12 19:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 19:41 - 2010-10-21 22:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 19:40 - 2013-09-12 19:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 14:04 - 2012-05-14 16:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-03 16:39 - 2013-01-27 12:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 16:39 - 2010-05-30 07:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 23:51 - 2010-10-03 23:49 - 00704260 _____ C:\Windows\System32\perfh013.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00702302 _____ C:\Windows\System32\perfh015.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00691606 _____ C:\Windows\System32\prfh0816.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00676264 _____ C:\Windows\System32\prfh0416.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00628960 _____ C:\Windows\System32\perfh01D.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00621616 _____ C:\Windows\System32\perfh01F.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00141260 _____ C:\Windows\System32\perfc015.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00139488 _____ C:\Windows\System32\prfc0816.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00138766 _____ C:\Windows\System32\perfc013.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00134040 _____ C:\Windows\System32\prfc0416.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00129170 _____ C:\Windows\System32\perfc01D.dat
2013-09-02 23:51 - 2010-10-03 23:49 - 00127408 _____ C:\Windows\System32\perfc01F.dat
2013-09-02 23:51 - 2010-10-03 02:24 - 00688088 _____ C:\Windows\System32\perfh019.dat
2013-09-02 23:51 - 2010-10-03 02:24 - 00138202 _____ C:\Windows\System32\perfc019.dat
2013-09-02 23:51 - 2010-10-03 02:14 - 00368066 _____ C:\Windows\System32\prfh0804.dat
2013-09-02 23:51 - 2010-10-03 02:14 - 00109180 _____ C:\Windows\System32\prfc0804.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00702298 _____ C:\Windows\System32\perfh010.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00407258 _____ C:\Windows\System32\perfh012.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00384368 _____ C:\Windows\System32\prfh0404.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00133098 _____ C:\Windows\System32\perfc010.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00109608 _____ C:\Windows\System32\perfc012.dat
2013-09-02 23:51 - 2010-10-02 10:03 - 00104266 _____ C:\Windows\System32\prfc0404.dat
2013-09-02 23:51 - 2010-10-02 07:05 - 00459844 _____ C:\Windows\System32\perfh014.dat
2013-09-02 23:51 - 2010-10-02 07:05 - 00082322 _____ C:\Windows\System32\perfc014.dat
2013-09-02 23:51 - 2010-05-30 01:35 - 00395950 _____ C:\Windows\System32\perfh011.dat
2013-09-02 23:51 - 2010-05-30 01:35 - 00111320 _____ C:\Windows\System32\perfc011.dat
2013-09-02 23:51 - 2009-11-10 19:44 - 16514046 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-01 23:29 - 2013-09-01 23:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 16:43 - 2013-08-31 16:43 - 00023822 _____ C:\Windows\System32\hs_err_pid1544.log
2013-08-28 22:59 - 2012-12-08 23:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 14:23 - 2013-05-20 11:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 14:23 - 2013-05-20 11:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 17:49 - 2013-08-26 17:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 17:41 - 2008-05-05 20:17 - 00000000 ____D C:\Spiele
2013-08-26 17:40 - 2010-08-30 01:18 - 00021840 ____T C:\Windows\System32\SIntfNT.dll
2013-08-26 17:40 - 2010-08-30 01:18 - 00017212 ____T C:\Windows\System32\SIntf32.dll
2013-08-26 17:40 - 2010-08-30 01:18 - 00012067 ____T C:\Windows\System32\SIntf16.dll
2013-08-26 17:33 - 2010-05-30 09:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-24 10:13 - 2013-08-24 10:13 - 00023456 _____ C:\Windows\System32\hs_err_pid3592.log
2013-08-24 10:09 - 2013-08-24 10:09 - 00000000 ____D C:\Program Files\Tor

Files to move or delete:
====================
C:\ProgramData\roma1.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-26 17:32:54
Restore point made on: 2013-08-26 17:37:21
Restore point made on: 2013-08-26 17:38:13
Restore point made on: 2013-08-26 17:39:27
Restore point made on: 2013-08-26 17:42:36
Restore point made on: 2013-08-26 17:47:39
Restore point made on: 2013-08-26 17:49:28
Restore point made on: 2013-09-05 14:08:41
Restore point made on: 2013-09-15 15:26:37
Restore point made on: 2013-09-22 00:16:42
Restore point made on: 2013-09-23 15:53:38

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3070.18 MB
Available physical RAM: 2583.72 MB
Total Pagefile: 3068.45 MB
Available Pagefile: 2581.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:462.4 GB) (Free:48.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EEARTH) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:0.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 23F12D67)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=462 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-09-21 11:55

==================== End Of Log ============================

Gruß Felix

aharonov · 23.09.2013, 17:23

Ok, dann wieder im normalen Modus weiter:

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-24] ()
R2 AdobeFlashPlayerUpdateSvc; C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [3233806 2013-08-24] ()
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor
C:\ProgramData\roma1.exe
testsigning on:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte noch einmal FRST.

Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von FRST
Log von MBAM
Log von ESET
Logs von FRST

Lazy_Leroy · 24.09.2013, 13:36

Hallo Leo,

sorry, dass ich erst heute wieder antworte, der ESET Scan hat gestern 6 Stunden gedauert, ich war dann zu faul auch noch FRST laufen zu lassen

.

Hier sind die Logs:

Fixlog von FRST

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-09-2013
Ran by Felix at 2013-09-23 18:25:43 Run:1
Running from C:\Users\Felix\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-24] ()
R2 AdobeFlashPlayerUpdateSvc; C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [3233806 2013-08-24] ()
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
2013-08-24 11:09 - 2013-08-24 11:09 - 00000000 ____D C:\Program Files\Tor
C:\ProgramData\roma1.exe
testsigning on:
*****************

tor => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service => Moved successfully.
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe => Moved successfully.
C:\Program Files\Tor => Moved successfully.
C:\ProgramData\roma1.exe => Moved successfully.

Der Vorgang wurde erfolgreich beendet.


The system needs a manual reboot. 

==== End of Fixlog ====

Log von MBAM

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.23.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Felix :: SPIELEPC [Administrator]

23/09/2013 18:28:45
mbam-log-2013-09-23 (18-28-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233312
Laufzeit: 12 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\FRST\Quarantine\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1908 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\FRST\Quarantine\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Löschen bei Neustart.
C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Log von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=900893744d3b634aa8159a6274cd7de5
# engine=15231
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-23 11:43:26
# local_time=2013-09-24 01:43:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 99 31394712 34749728 0 0
# compatibility_mode=5893 16776574 100 94 33996282 131610997 0 0
# scanned=661368
# found=26
# cleaned=0
# scan_time=24458
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=60E3E4227497AD83885E859903CB98D769ED9B9C ft=1 fh=c71c0011e1c26d8e vn="Win32/Agent.PBI trojan" ac=I fn="C:\FRST\Quarantine\Windows Internet Name Service\wins.exe"
sh=E9DFC9B6122A0B3FE3BFDE33E694AFB3F0857FD3 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\2bafee12-4f969c8f"
sh=5E7C2862D93757DB70A0A84E120DFC48E3C51069 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\60bacdc2-745bfedd"
sh=E4B149CF066E72F0F98605F57D2BE084EB25E04E ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\2f11bad4-2875c56b"
sh=DD10347704721A5A0C83FAC52DEA0AF439748056 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\72973a98-109f79fb"
sh=A76A4B700D4358A31571A39940289F2E0ED05D2B ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\d496a5a-195561ed"
sh=274B6246BD9BF976D7D2BFC91453A9046009C146 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.BU trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3516d61b-5d69660e"
sh=235A2EF47B10EC6FC31749824E79CE81AF6BBD92 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\144745dc-2f1fcdcf"
sh=E094CFE4D85D8748A67E7AAC3C574F2DBBBB2386 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\9df6620-62ac7fb0"
sh=E792284D01C379D9A6E50578ACBF96CAB0A772B3 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\25cafa2-2dc4676e"
sh=DFCBA0F071ED43AF75E13121D2208D7D39C647DF ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\45dbf9a3-27e5e973"
sh=23215F0DC475BDE828F3A8EFF90BF3F9A81967DA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d543727-1ce38434"
sh=68EE7195289EB13A158550E257C3C06C5B0280EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6d63d804-45fa7c4c"
sh=68EE7195289EB13A158550E257C3C06C5B0280EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6bb90b6a-60b50cdd"
sh=95E9B3B89B294C363F87A08040F782B37C4A5DAC ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\513306ad-148b97d7"
sh=EFEABEE7CD0C4700A67B66519BBE6F4077863264 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5804fa2d-709d13d6"
sh=E5C246B55A487B416DBCCB31AB12D4311E78F379 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\67eee06d-2bf50f64"
sh=3B7C26E7140CEFB52F7C358B4A363FE9D9E60ECC ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\24a35b30-4da8bd48"
sh=E92E8C4D12BCFA430A2EDF1D28E028F1270542A3 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NAX trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\499a7f70-627589f3"
sh=257EBF3D1A7919301B3851F78CB30738186055B3 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\11da6005-5eb69579"
sh=CFA9479A57A45992943B09A4D888CA4972F7DE08 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.BU trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\1054caf4-576c7a0b"
sh=9E862F3EB39C6FB364716A58E6ED1477AF559E8E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-5076.W trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6d8530b9-33b66dce"
sh=24DBF24D82443A50A3D6F69BF09061618458623A ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\33dbc47b-4d5a8ec4"
sh=76EA77352538014CE8C7058C68E1D72068F26966 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\79d4eebe-31d06029"
sh=357075BCB21573CB19E9C65EDF242B3506FCD8FC ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NFH trojan" ac=I fn="C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\36afef47-7b2afacc"

Logs von FRST
- Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2013
Ran by Felix at 2013-09-24 14:27:34
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Anno 1701 (Version: 1.00)
ANNO 2070 (Version: 1.0.0.0)
Assassin's Creed(R) III v1.06 (Version: 1.06)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Audacity 2.0.2 (Version: 2.0.2)
Bloodline Champions
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner (Version: 4.04)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04063)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04063)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Defraggler (Version: 2.12)
Diablo II
Diablo III (Version: 1.0.8.16603)
Dropbox (HKCU Version: 2.0.22)
Empire Earth
Free YouTube Download version 3.2.2.430 (Version: 3.2.2.430)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Freiwild-Tabs Version 1.2 (Version: 1.2)
Happy Cloud Client (HKCU Version: 1.342)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 5510 series - Grundlegende Software für das Gerät (Version: 24.0.342.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
IrfanView (remove only) (Version: 4.32)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 7 (Version: 1.7.0.70)
JavaFX 2.0.3 (Version: 2.0.3)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
League of Legends (Version: 1.02.0000)
Magicka
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 17.0.9 (x86 en-US) (Version: 17.0.9)
Mozilla Maintenance Service (Version: 17.0.9)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Native Instruments Abbey Road 60s Drums Vintage
Native Instruments Abbey Road 60s Drums Vintage (Version: 1.1.0.002)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.4.3.891)
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig Elements for Maschine
Native Instruments Guitar Rig Elements for Maschine (Version: 1.0.0.001)
Native Instruments Komplete Elements Mk2
Native Instruments Komplete Elements Mk2 (Version: 8.0.0.003)
Native Instruments Kontakt 5
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Kontakt Elements Selection R2
Native Instruments Kontakt Elements Selection R2 (Version: 1.1.0.003)
Native Instruments Maschine
Native Instruments Maschine (Version: 1.7.2.7746)
Native Instruments Maschine Controller
Native Instruments Maschine Controller (Version: 3.0.1.648)
Native Instruments Maschine Mikro
Native Instruments Maschine Mikro (Version: 3.0.2.664)
Native Instruments Reaktor 5
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor Elements Selection
Native Instruments Reaktor Elements Selection (Version: 1.1.0.003)
Native Instruments Reaktor Spark R2
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.3.2.926)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
nGlide 1.01 (Version: 1.01)
Oblivion (Version: 1.00.0000)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
osu! (Version: 0.0.0.0)
Path of Exile (Version: 0.11.5.27504)
PunkBuster Services (Version: 0.991)
PVSonyDll (Version: 1.00.0001)
Sid Meier's Civilization V
simplitec simplicheck (Version: 1.2.2.0)
Skype™ 6.6 (Version: 6.6.106)
SPEEDLINK REFLECT (Version: 1.0.3.5)
SpellForce (Version: SpellForce v1.52)
StarCraft II (Version: 2.0.6.25180)
Steam (Version: 1.0.0.0)
The Secret World (Version: 1.0.0)
Titan Quest (Version: 1.00.0000)
TuxGuitar (Version: 1.2)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.0)
VLC media player 2.0.1 (Version: 2.0.1)
Warcraft III
Warcraft III: All Products
WinDirStat 1.1.2
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR
Wireshark 1.8.6 (32-bit) (Version: 1.8.6)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159)
World of Tanks v.0.6.6
XCOM: Enemy Unknown
Zip Motion Block Video codec (Remove Only)

==================== Restore Points  =========================

05-09-2013 13:04:27 Geplanter Prüfpunkt
15-09-2013 14:23:53 Geplanter Prüfpunkt
21-09-2013 23:14:21 Installed Path of Exile
23-09-2013 14:50:05 ComboFix created restore point
23-09-2013 23:49:09 Windows Update
24-09-2013 10:20:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-09-23 17:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A907A1F-E47D-49E9-8EE2-8D10221D591D} - System32\Tasks\{0422B9AF-031C-4C49-BFE0-54C8AD664AAA} => C:\Spiele\The Witcher\launcher.exe
Task: {166C1CA1-2393-451A-9762-B7E716BE488B} - System32\Tasks\{56312B0D-6489-43C3-8208-53E30F3BBEB3} => C:\Spiele\The Witcher\launcher.exe
Task: {25853F21-CCFA-464A-9298-B2298586222A} - System32\Tasks\{BD1331B9-6EB3-46C9-9E98-A2835D67B60A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {3E8A2A7B-4041-4097-B3CC-289BF3F7D153} - System32\Tasks\{4C9EB581-77A3-42B1-AB33-FC6A767AC9C3} => C:\Spiele\The Witcher\System\witcher.exe
Task: {4B72A692-B3C8-40A6-8368-7A994AEF4232} - System32\Tasks\{B996A4D1-2CD1-45D7-9BEE-DB6BB3CBEF53} => C:\Spiele\The Witcher\launcher.exe
Task: {52C0736F-9FDD-434A-B2D9-D337F47DBD20} - System32\Tasks\{3B585831-C76C-4AE0-AFCC-99DB728E4D14} => D:\INSTALL.EXE
Task: {55DD84C3-35F9-4063-8A58-4EA5F3AFFE33} - System32\Tasks\{6DB36E90-1E4E-44F7-A658-8E036A02B52F} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {5AA6A74A-A043-45BF-96E9-53B2DB70AFDB} - System32\Tasks\{6F773618-B8E6-46F6-82DD-3567FF121BC5} => D:\SETUP.EXE [2001-04-11] (InstallShield Software Corporation)
Task: {6E3BB79F-05EC-4268-BF19-0AB064C4F5CC} - System32\Tasks\{55982C84-23FD-4F2C-BEA7-FC6F48196F30} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {78E3EFBE-849B-41C7-9A1B-AB60580BC225} - System32\Tasks\CPU Grid Computing => C:\Windows\system32\dfrg\runner.exe
Task: {8610BE2B-E867-4964-ACB5-BECEB8B08721} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {866C9273-1F45-4057-B647-B1A3067BF088} - System32\Tasks\{AFC9A184-CD88-4DAD-B032-9FCEAE6D391E} => C:\Spiele\Counter Strike\launcher.exe [2009-08-16] (SAIC)
Task: {8ACD8913-B832-434C-8DD8-EB4747FD1C62} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {8FE2C943-7432-46B1-B6B9-1E374061BFBA} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {9194A344-D52E-4A51-B2FB-C6F70B28DEFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {92636CD8-1085-43C4-AA9B-EFB6AC0DBA40} - System32\Tasks\{A4029463-7890-495D-8E3A-278333F8AC6F} => C:\Spiele\Diablo\Spawn\diablo_s.exe
Task: {9F97A3F0-0930-44CF-82DA-186A12C4EC69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A1C12979-CBB4-458C-8440-F4BC9FABA5CF} - System32\Tasks\{8D770AAD-FB4D-4FDD-A3C7-38AD4AA18709} => C:\Spiele\Diablo\Spawn\diablo_s.exe
Task: {A7123E14-E753-453E-8902-EF2A187E41E3} - System32\Tasks\{22996621-E603-444B-9F77-CE09E83A2001} => C:\Spiele\The Witcher\launcher.exe
Task: {AC672A8B-69D3-4E01-8CB0-88159A237B49} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe [2013-09-16] ()
Task: {C49BBBA5-2DE3-4435-9FE9-1A57C7F655A8} - System32\Tasks\{03F0A3CC-4DBD-4B95-98EF-9CEC49750E5C} => C:\Spiele\The Witcher\launcher.exe
Task: {CAF62A1B-ADD7-47A0-8D2F-8981E7C820DE} - System32\Tasks\{4C683D8F-0E78-4E30-BC59-9D169771431E} => C:\Spiele\The Witcher\launcher.exe
Task: {CF22565C-777A-4260-8DD5-09691B737FDA} - System32\Tasks\{26EEB8BA-8987-430E-9872-BBE7FC92E42D} => C:\Spiele\The Witcher\System\witcher.exe
Task: {E5D6F25E-8D62-41E3-8B36-890CB2DA3C63} - System32\Tasks\{ECF4F5EB-0A63-48AC-BA0E-88C37D8DA43D} => C:\Users\Felix\Desktop\visualboy_advance\VisualBoyAdvance.exe
Task: {F8B9AD3E-4D53-4B28-A907-290580332F0A} - System32\Tasks\{05835C77-3FEC-4075-9398-16ABF335D36A} => C:\Spiele\The Witcher\launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-05-17 16:45 - 2013-05-17 16:45 - 00130736 _____ (Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-07-19 23:29 - 2013-07-19 23:29 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2009-03-04 09:52 - 2009-03-04 09:52 - 00372736 _____ () C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
2008-12-29 17:13 - 2008-12-29 17:13 - 00204800 _____ () C:\Program Files\NETGEAR\WG111v3\KJLog.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Felix\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Felix\AppData\Roaming\Dropbox\bin\icudt.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 16192864 _____ (Opera Software) C:\Program Files\Opera\Opera.dll
2013-09-22 12:31 - 2013-09-22 12:31 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
2010-12-15 15:49 - 2013-07-06 12:07 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-08 14:34 - 2013-07-06 12:07 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2011-01-29 01:56 - 2013-07-06 12:07 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2013 02:27:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003d77b0
ID des fehlerhaften Prozesses: 0x69c
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 02:24:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006377b0
ID des fehlerhaften Prozesses: 0x96c
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 02:22:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006277b0
ID des fehlerhaften Prozesses: 0xd84
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 02:19:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006477b0
ID des fehlerhaften Prozesses: 0x57c
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 02:16:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007c77b0
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 00:22:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006977b0
ID des fehlerhaften Prozesses: 0x1054
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 00:20:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007277b0
ID des fehlerhaften Prozesses: 0x1708
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 00:17:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007177b0
ID des fehlerhaften Prozesses: 0x5a8
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 00:14:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006677b0
ID des fehlerhaften Prozesses: 0x13f0
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3

Error: (09/24/2013 00:12:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BleServicesCtrl.exe, Version: 2.1.1.137, Zeitstempel: 0x5231cb10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006577b0
ID des fehlerhaften Prozesses: 0xd3c
Startzeit der fehlerhaften Anwendung: 0xBleServicesCtrl.exe0
Pfad der fehlerhaften Anwendung: BleServicesCtrl.exe1
Pfad des fehlerhaften Moduls: BleServicesCtrl.exe2
Berichtskennung: BleServicesCtrl.exe3


System errors:
=============
Error: (09/24/2013 02:27:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 02:24:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 02:23:05 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (09/24/2013 02:22:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 02:19:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 02:16:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 00:22:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 34 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 00:20:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 33 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 00:17:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 32 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/24/2013 00:14:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 31 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 20:28:09.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 18:52:29.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.475
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-22 14:35:44.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 3070.18 MB
Available physical RAM: 1230.56 MB
Total Pagefile: 6138.64 MB
Available Pagefile: 3966 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:462.4 GB) (Free:46.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EEARTH) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
Drive g: (Lexar) (Removable) (Total:3.73 GB) (Free:0.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 23F12D67)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=462 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

- FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Felix (administrator) on SPIELEPC on 24-09-2013 14:26:16
Running from C:\Users\Felix\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Windows\system32\Drivers\BleServicesCtrl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC7BB2A689FFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\searchplugins-backup
FF Extension: Battlefield Heroes Updater - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\plugin@videofiledownload.com
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF Extension: ciuvo-extension - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Felix\AppData\Local\Temp\catchme.sys [x]
S3 DMSKSSRh; \??\C:\Users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\Felix\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 11:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-24 03:08 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-24 03:08 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-24 03:08 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-24 03:08 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-24 03:07 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-24 03:07 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-24 03:07 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-24 03:07 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-24 03:07 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-24 02:50 - 2013-09-24 02:53 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-24 01:54 - 2013-09-24 02:47 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-23 23:34 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-23 23:34 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-23 23:34 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-23 23:34 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-23 23:34 - 2012-08-22 19:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-23 23:34 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-23 23:32 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-23 23:31 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-23 23:31 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-23 23:28 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-23 23:23 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-23 23:22 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-23 23:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-23 23:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-23 23:21 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-23 23:21 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-23 23:21 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-23 23:21 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-23 23:21 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-23 23:21 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-23 23:20 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-23 23:20 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-23 23:20 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-23 23:09 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-23 23:09 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-23 23:09 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-23 23:08 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-23 23:08 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-23 23:08 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-23 23:08 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-23 23:07 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-23 23:07 - 2013-01-03 07:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-23 23:07 - 2012-08-22 19:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-23 23:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-23 23:04 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-23 23:04 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-23 23:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-23 23:01 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-23 23:01 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-23 23:00 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-23 23:00 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-23 23:00 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-23 22:59 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-23 19:54 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-23 19:54 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 19:54 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 19:54 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-23 19:54 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-23 19:51 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 19:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 18:07 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-23 18:07 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-23 18:06 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-23 18:06 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-23 18:06 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 16:49 - 2013-09-23 17:22 - 00000000 ____D C:\ComboFix
2013-09-23 16:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 16:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 16:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 16:48 - 2013-09-23 17:22 - 00000000 ____D C:\Qoobox
2013-09-23 16:37 - 2013-09-23 16:39 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:23 - 2013-09-23 16:24 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:06 - 2013-09-23 18:25 - 00000000 ____D C:\FRST
2013-09-23 02:04 - 2013-09-23 02:05 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-14 18:15 - 2013-09-24 10:40 - 00017592 _____ C:\Windows\PFRO.log
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-30 12:31 - 2013-08-01 08:54 - 430133457 _____ C:\Users\Felix\Desktop\DSCN0648.MOV
2013-08-30 12:30 - 2013-08-01 11:32 - 72828534 _____ C:\Users\Felix\Desktop\DSCN0663.MOV
2013-08-26 18:49 - 2001-10-23 19:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 18:49 - 2001-10-22 16:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 18:49 - 2001-10-22 14:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 18:49 - 2001-10-19 14:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 18:33 - 2013-08-26 18:49 - 00000196 _____ C:\Windows\SIERRA.INI

==================== One Month Modified Files and Folders =======

2013-09-24 14:26 - 2013-08-10 16:18 - 01222472 _____ C:\Windows\WindowsUpdate.log
2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 14:21 - 2010-10-04 00:49 - 00704260 _____ C:\Windows\system32\perfh013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00702302 _____ C:\Windows\system32\perfh015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00691606 _____ C:\Windows\system32\prfh0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00676264 _____ C:\Windows\system32\prfh0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00628960 _____ C:\Windows\system32\perfh01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00621616 _____ C:\Windows\system32\perfh01F.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00141260 _____ C:\Windows\system32\perfc015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00139488 _____ C:\Windows\system32\prfc0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00138766 _____ C:\Windows\system32\perfc013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00134040 _____ C:\Windows\system32\prfc0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00129170 _____ C:\Windows\system32\perfc01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00127408 _____ C:\Windows\system32\perfc01F.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00688088 _____ C:\Windows\system32\perfh019.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00138202 _____ C:\Windows\system32\perfc019.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00368066 _____ C:\Windows\system32\prfh0804.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00109180 _____ C:\Windows\system32\prfc0804.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00702298 _____ C:\Windows\system32\perfh010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00407258 _____ C:\Windows\system32\perfh012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00384368 _____ C:\Windows\system32\prfh0404.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00133098 _____ C:\Windows\system32\perfc010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00109608 _____ C:\Windows\system32\perfc012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00104266 _____ C:\Windows\system32\prfc0404.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00459844 _____ C:\Windows\system32\perfh014.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00082322 _____ C:\Windows\system32\perfc014.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00395950 _____ C:\Windows\system32\perfh011.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00111320 _____ C:\Windows\system32\perfc011.dat
2013-09-24 14:21 - 2009-11-10 20:44 - 16514046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 14:20 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 14:20 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 14:18 - 2010-05-30 08:53 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-09-24 14:17 - 2012-09-25 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-24 14:17 - 2012-09-16 22:11 - 00000000 ___RD C:\Users\Felix\Dropbox
2013-09-24 14:17 - 2012-09-16 22:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-09-24 14:14 - 2013-08-09 01:43 - 00004458 _____ C:\Windows\setupact.log
2013-09-24 14:14 - 2012-04-03 07:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 14:14 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 11:36 - 2011-11-11 18:27 - 00000000 ____D C:\Program Files\Steam
2013-09-24 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-24 10:54 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-09-24 10:54 - 2009-07-14 06:33 - 00442272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\uk-UA
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\th-TH
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sl-SI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sk-SK
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ro-RO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lv-LV
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lt-LT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hr-HR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\he-IL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\et-EE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\bg-BG
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ar-SA
2013-09-24 10:45 - 2010-10-05 23:59 - 00000000 ____D C:\Windows\system32\Drivers\el-GR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\hu-HU
2013-09-24 10:45 - 2010-10-04 00:29 - 00000000 ____D C:\Windows\system32\Drivers\pt-PT
2013-09-24 10:45 - 2010-10-04 00:28 - 00000000 ____D C:\Windows\system32\Drivers\nl-NL
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\sv-SE
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA
2013-09-24 10:45 - 2010-10-04 00:26 - 00000000 ____D C:\Windows\system32\Drivers\pl-PL
2013-09-24 10:45 - 2010-10-04 00:24 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2013-09-24 10:45 - 2010-10-03 03:23 - 00000000 ____D C:\Windows\system32\Drivers\ru-RU
2013-09-24 10:45 - 2010-10-03 03:12 - 00000000 ____D C:\Windows\system32\Drivers\zh-CN
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\zh-TW
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\it-IT
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\ko-KR
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\fr-FR
2013-09-24 10:45 - 2010-10-02 10:40 - 00000000 ____D C:\Windows\system32\Drivers\fi-FI
2013-09-24 10:45 - 2010-10-02 08:05 - 00000000 ____D C:\Windows\system32\Drivers\nb-NO
2013-09-24 10:45 - 2010-05-30 02:34 - 00000000 ____D C:\Windows\system32\Drivers\ja-JP
2013-09-24 10:45 - 2010-05-30 02:30 - 00000000 ____D C:\Windows\system32\Drivers\he-IL
2013-09-24 10:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-24 10:45 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-24 10:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-24 10:44 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-24 10:40 - 2013-09-14 18:15 - 00017592 _____ C:\Windows\PFRO.log
2013-09-24 10:40 - 2011-11-09 01:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-24 03:45 - 2012-01-06 12:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-24 02:55 - 2009-07-14 04:04 - 00000502 _____ C:\Windows\win.ini
2013-09-24 02:53 - 2013-09-24 02:50 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:47 - 2013-09-24 01:54 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-23 19:27 - 2010-08-07 11:56 - 00000000 ___RD C:\Users\Felix\Desktop\Felix
2013-09-23 18:25 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 17:46 - 2011-09-10 13:54 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 17:22 - 2013-09-23 16:49 - 00000000 ____D C:\ComboFix
2013-09-23 17:22 - 2013-09-23 16:48 - 00000000 ____D C:\Qoobox
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-23 17:20 - 2011-05-12 20:50 - 00000000 ____D C:\Windows\ERDNT
2013-09-23 17:08 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 17:07 - 2009-07-14 04:03 - 99090432 _____ C:\Windows\system32\config\software.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 19660800 _____ C:\Windows\system32\config\system.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00069632 _____ C:\Windows\system32\config\sam.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-23 16:39 - 2013-09-23 16:37 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:24 - 2013-09-23 16:23 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:24 - 2010-05-30 10:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:05 - 2013-09-23 02:04 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 18:27 - 2012-02-23 20:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 18:27 - 2009-07-22 23:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 18:26 - 2010-08-26 00:58 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-09-22 18:15 - 2010-08-26 00:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 12:31 - 2012-04-03 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-22 12:31 - 2011-06-10 23:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-20 13:04 - 2012-08-06 04:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 12:50 - 2013-04-12 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 09:39 - 2011-05-07 02:25 - 00001288 _____ C:\Users\Felix\Desktop\Opera.lnk
2013-09-19 09:12 - 2010-03-27 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 19:40 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:41 - 2010-10-21 23:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:04 - 2012-05-14 17:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-03 17:39 - 2013-01-27 13:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 17:39 - 2010-05-30 08:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-09-01 16:57 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-28 23:59 - 2012-12-09 00:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 15:23 - 2013-05-20 12:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 15:23 - 2013-05-20 12:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 18:49 - 2013-08-26 18:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 18:41 - 2008-05-05 21:17 - 00000000 ____D C:\Spiele
2013-08-26 18:40 - 2010-08-30 02:18 - 00021840 ____T C:\Windows\system32\SIntfNT.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00017212 ____T C:\Windows\system32\SIntf32.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00012067 ____T C:\Windows\system32\SIntf16.dll
2013-08-26 18:33 - 2010-05-30 10:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-21 12:55

==================== End Of Log ============================

Gruß Felix

aharonov · 24.09.2013, 13:44

Hallo Felix,

mach bitte einen Neustart des Rechners und dann ein frisches FRST-Log:

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Lazy_Leroy · 24.09.2013, 13:55

Hallo Leo,

hier die neue FRST Logdatei:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Felix (administrator) on SPIELEPC on 24-09-2013 14:51:51
Running from C:\Users\Felix\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Windows\system32\Drivers\BleServicesCtrl.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\system32\PnkBstrA.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC7BB2A689FFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\searchplugins-backup
FF Extension: Battlefield Heroes Updater - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\plugin@videofiledownload.com
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF Extension: ciuvo-extension - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Felix\AppData\Local\Temp\catchme.sys [x]
S3 DMSKSSRh; \??\C:\Users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\Felix\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 14:27 - 2013-09-24 14:28 - 00029848 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 11:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-24 03:08 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-24 03:08 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-24 03:08 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-24 03:08 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-24 03:07 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-24 03:07 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-24 03:07 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-24 03:07 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-24 03:07 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-24 02:50 - 2013-09-24 02:53 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-24 01:54 - 2013-09-24 02:47 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-23 23:34 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-23 23:34 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-23 23:34 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-23 23:34 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-23 23:34 - 2012-08-22 19:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-23 23:34 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-23 23:32 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-23 23:31 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-23 23:31 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-23 23:28 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-23 23:23 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-23 23:22 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-23 23:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-23 23:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-23 23:21 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-23 23:21 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-23 23:21 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-23 23:21 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-23 23:21 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-23 23:21 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-23 23:20 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-23 23:20 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-23 23:20 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-23 23:09 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-23 23:09 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-23 23:09 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-23 23:08 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-23 23:08 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-23 23:08 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-23 23:08 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-23 23:07 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-23 23:07 - 2013-01-03 07:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-23 23:07 - 2012-08-22 19:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-23 23:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-23 23:04 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-23 23:04 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-23 23:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-23 23:01 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-23 23:01 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-23 23:00 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-23 23:00 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-23 23:00 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-23 22:59 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-23 19:54 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-23 19:54 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 19:54 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 19:54 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-23 19:54 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-23 19:51 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 19:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 18:07 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-23 18:07 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-23 18:06 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-23 18:06 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-23 18:06 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 16:49 - 2013-09-23 17:22 - 00000000 ____D C:\ComboFix
2013-09-23 16:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 16:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 16:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 16:48 - 2013-09-23 17:22 - 00000000 ____D C:\Qoobox
2013-09-23 16:37 - 2013-09-23 16:39 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:23 - 2013-09-23 16:24 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:06 - 2013-09-23 18:25 - 00000000 ____D C:\FRST
2013-09-23 02:04 - 2013-09-23 02:05 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-14 18:15 - 2013-09-24 10:40 - 00017592 _____ C:\Windows\PFRO.log
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-30 12:31 - 2013-08-01 08:54 - 430133457 _____ C:\Users\Felix\Desktop\DSCN0648.MOV
2013-08-30 12:30 - 2013-08-01 11:32 - 72828534 _____ C:\Users\Felix\Desktop\DSCN0663.MOV
2013-08-26 18:49 - 2001-10-23 19:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 18:49 - 2001-10-22 16:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 18:49 - 2001-10-22 14:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 18:49 - 2001-10-19 14:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 18:33 - 2013-08-26 18:49 - 00000196 _____ C:\Windows\SIERRA.INI

==================== One Month Modified Files and Folders =======

2013-09-24 14:52 - 2012-09-16 22:11 - 00000000 ___RD C:\Users\Felix\Dropbox
2013-09-24 14:52 - 2012-09-16 22:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-09-24 14:52 - 2010-05-30 08:53 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-09-24 14:50 - 2012-09-25 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-24 14:49 - 2013-08-09 01:43 - 00004514 _____ C:\Windows\setupact.log
2013-09-24 14:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 14:45 - 2013-08-10 16:18 - 01263668 _____ C:\Windows\WindowsUpdate.log
2013-09-24 14:28 - 2013-09-24 14:27 - 00029848 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 14:21 - 2010-10-04 00:49 - 00704260 _____ C:\Windows\system32\perfh013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00702302 _____ C:\Windows\system32\perfh015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00691606 _____ C:\Windows\system32\prfh0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00676264 _____ C:\Windows\system32\prfh0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00628960 _____ C:\Windows\system32\perfh01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00621616 _____ C:\Windows\system32\perfh01F.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00141260 _____ C:\Windows\system32\perfc015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00139488 _____ C:\Windows\system32\prfc0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00138766 _____ C:\Windows\system32\perfc013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00134040 _____ C:\Windows\system32\prfc0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00129170 _____ C:\Windows\system32\perfc01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00127408 _____ C:\Windows\system32\perfc01F.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00688088 _____ C:\Windows\system32\perfh019.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00138202 _____ C:\Windows\system32\perfc019.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00368066 _____ C:\Windows\system32\prfh0804.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00109180 _____ C:\Windows\system32\prfc0804.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00702298 _____ C:\Windows\system32\perfh010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00407258 _____ C:\Windows\system32\perfh012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00384368 _____ C:\Windows\system32\prfh0404.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00133098 _____ C:\Windows\system32\perfc010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00109608 _____ C:\Windows\system32\perfc012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00104266 _____ C:\Windows\system32\prfc0404.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00459844 _____ C:\Windows\system32\perfh014.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00082322 _____ C:\Windows\system32\perfc014.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00395950 _____ C:\Windows\system32\perfh011.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00111320 _____ C:\Windows\system32\perfc011.dat
2013-09-24 14:21 - 2009-11-10 20:44 - 16514046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 14:20 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 14:20 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 14:14 - 2012-04-03 07:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 11:36 - 2011-11-11 18:27 - 00000000 ____D C:\Program Files\Steam
2013-09-24 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-24 10:54 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-09-24 10:54 - 2009-07-14 06:33 - 00442272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\uk-UA
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\th-TH
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sl-SI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sk-SK
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ro-RO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lv-LV
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lt-LT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hr-HR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\he-IL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\et-EE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\bg-BG
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ar-SA
2013-09-24 10:45 - 2010-10-05 23:59 - 00000000 ____D C:\Windows\system32\Drivers\el-GR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\hu-HU
2013-09-24 10:45 - 2010-10-04 00:29 - 00000000 ____D C:\Windows\system32\Drivers\pt-PT
2013-09-24 10:45 - 2010-10-04 00:28 - 00000000 ____D C:\Windows\system32\Drivers\nl-NL
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\sv-SE
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA
2013-09-24 10:45 - 2010-10-04 00:26 - 00000000 ____D C:\Windows\system32\Drivers\pl-PL
2013-09-24 10:45 - 2010-10-04 00:24 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2013-09-24 10:45 - 2010-10-03 03:23 - 00000000 ____D C:\Windows\system32\Drivers\ru-RU
2013-09-24 10:45 - 2010-10-03 03:12 - 00000000 ____D C:\Windows\system32\Drivers\zh-CN
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\zh-TW
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\it-IT
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\ko-KR
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\fr-FR
2013-09-24 10:45 - 2010-10-02 10:40 - 00000000 ____D C:\Windows\system32\Drivers\fi-FI
2013-09-24 10:45 - 2010-10-02 08:05 - 00000000 ____D C:\Windows\system32\Drivers\nb-NO
2013-09-24 10:45 - 2010-05-30 02:34 - 00000000 ____D C:\Windows\system32\Drivers\ja-JP
2013-09-24 10:45 - 2010-05-30 02:30 - 00000000 ____D C:\Windows\system32\Drivers\he-IL
2013-09-24 10:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-24 10:45 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-24 10:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-24 10:44 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-24 10:40 - 2013-09-14 18:15 - 00017592 _____ C:\Windows\PFRO.log
2013-09-24 10:40 - 2011-11-09 01:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-24 03:45 - 2012-01-06 12:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-24 02:55 - 2009-07-14 04:04 - 00000502 _____ C:\Windows\win.ini
2013-09-24 02:53 - 2013-09-24 02:50 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:47 - 2013-09-24 01:54 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-23 19:27 - 2010-08-07 11:56 - 00000000 ___RD C:\Users\Felix\Desktop\Felix
2013-09-23 18:25 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-23 17:46 - 2011-09-10 13:54 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 17:22 - 2013-09-23 16:49 - 00000000 ____D C:\ComboFix
2013-09-23 17:22 - 2013-09-23 16:48 - 00000000 ____D C:\Qoobox
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-23 17:20 - 2011-05-12 20:50 - 00000000 ____D C:\Windows\ERDNT
2013-09-23 17:08 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 17:07 - 2009-07-14 04:03 - 99090432 _____ C:\Windows\system32\config\software.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 19660800 _____ C:\Windows\system32\config\system.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00069632 _____ C:\Windows\system32\config\sam.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-23 16:39 - 2013-09-23 16:37 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:24 - 2013-09-23 16:23 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:24 - 2010-05-30 10:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:05 - 2013-09-23 02:04 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 18:27 - 2012-02-23 20:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 18:27 - 2009-07-22 23:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 18:26 - 2010-08-26 00:58 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-09-22 18:15 - 2010-08-26 00:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 12:31 - 2012-04-03 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-22 12:31 - 2011-06-10 23:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-20 13:04 - 2012-08-06 04:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 12:50 - 2013-04-12 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 09:39 - 2011-05-07 02:25 - 00001288 _____ C:\Users\Felix\Desktop\Opera.lnk
2013-09-19 09:12 - 2010-03-27 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 19:40 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\BleServicesCtrl.exe
2013-09-16 17:47 - 2013-09-16 17:47 - 00335872 _____ C:\Windows\system32\Drivers\blds.exe
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:41 - 2010-10-21 23:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:04 - 2012-05-14 17:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-03 17:39 - 2013-01-27 13:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 17:39 - 2010-05-30 08:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-09-01 16:57 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-28 23:59 - 2012-12-09 00:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 15:23 - 2013-05-20 12:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 15:23 - 2013-05-20 12:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 18:49 - 2013-08-26 18:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 18:41 - 2008-05-05 21:17 - 00000000 ____D C:\Spiele
2013-08-26 18:40 - 2010-08-30 02:18 - 00021840 ____T C:\Windows\system32\SIntfNT.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00017212 ____T C:\Windows\system32\SIntf32.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00012067 ____T C:\Windows\system32\SIntf16.dll
2013-08-26 18:33 - 2010-05-30 10:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-21 12:55

==================== End Of Log ============================

Gruß Felix

aharonov · 24.09.2013, 14:18

ok.

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Lazy_Leroy · 24.09.2013, 15:03

Hallo Leo,

Hier die TDSS Killer Logdatei:

Code:

ATTFilter

15:55:50.0645 4404  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:55:51.0702 4404  ============================================================
15:55:51.0702 4404  Current date / time: 2013/09/24 15:55:51.0702
15:55:51.0702 4404  SystemInfo:
15:55:51.0702 4404  
15:55:51.0702 4404  OS Version: 6.1.7601 ServicePack: 1.0
15:55:51.0702 4404  Product type: Workstation
15:55:51.0702 4404  ComputerName: SPIELEPC
15:55:51.0702 4404  UserName: Felix
15:55:51.0702 4404  Windows directory: C:\Windows
15:55:51.0702 4404  System windows directory: C:\Windows
15:55:51.0702 4404  Processor architecture: Intel x86
15:55:51.0702 4404  Number of processors: 2
15:55:51.0702 4404  Page size: 0x1000
15:55:51.0702 4404  Boot type: Normal boot
15:55:51.0702 4404  ============================================================
15:55:53.0332 4404  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:53.0367 4404  Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:55:53.0370 4404  ============================================================
15:55:53.0370 4404  \Device\Harddisk0\DR0:
15:55:53.0370 4404  MBR partitions:
15:55:53.0370 4404  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x39CCEE0B
15:55:53.0370 4404  \Device\Harddisk1\DR1:
15:55:53.0370 4404  MBR partitions:
15:55:53.0370 4404  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
15:55:53.0370 4404  ============================================================
15:55:53.0437 4404  C: <-> \Device\Harddisk0\DR0\Partition1
15:55:53.0437 4404  ============================================================
15:55:53.0437 4404  Initialize success
15:55:53.0437 4404  ============================================================
15:56:28.0919 4492  ============================================================
15:56:28.0919 4492  Scan started
15:56:28.0919 4492  Mode: Manual; SigCheck; TDLFS; 
15:56:28.0919 4492  ============================================================
15:56:29.0322 4492  ================ Scan system memory ========================
15:56:29.0322 4492  System memory - ok
15:56:29.0322 4492  ================ Scan services =============================
15:56:29.0502 4492  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:56:29.0644 4492  1394ohci - ok
15:56:29.0724 4492  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:56:29.0744 4492  ACPI - ok
15:56:29.0814 4492  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:56:29.0904 4492  AcpiPmi - ok
15:56:30.0014 4492  [ 9BC0D1B4D9CCEC2DC9F010E466738A38 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
15:56:30.0077 4492  acsock - ok
15:56:30.0199 4492  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:30.0209 4492  AdobeARMservice - ok
15:56:30.0392 4492  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:56:30.0422 4492  adp94xx - ok
15:56:30.0474 4492  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:56:30.0494 4492  adpahci - ok
15:56:30.0514 4492  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:56:30.0524 4492  adpu320 - ok
15:56:30.0554 4492  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:56:30.0694 4492  AeLookupSvc - ok
15:56:30.0806 4492  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:56:30.0876 4492  AFD - ok
15:56:30.0951 4492  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:56:30.0981 4492  agp440 - ok
15:56:31.0051 4492  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:56:31.0071 4492  aic78xx - ok
15:56:31.0134 4492  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:56:31.0214 4492  ALG - ok
15:56:31.0254 4492  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:56:31.0264 4492  aliide - ok
15:56:31.0364 4492  [ 0DB03D8F29420B2B6716436A28E79C68 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:56:31.0456 4492  AMD External Events Utility - ok
15:56:31.0496 4492  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:56:31.0559 4492  amdagp - ok
15:56:31.0604 4492  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:56:31.0614 4492  amdide - ok
15:56:31.0686 4492  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:56:31.0736 4492  AmdK8 - ok
15:56:31.0904 4492  [ 8FD111119BE6924B1B8C3976FAC1B535 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:56:32.0128 4492  amdkmdag - ok
15:56:32.0188 4492  [ C9B705FF53B15DD71F6A4D4F45396EDD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:56:32.0248 4492  amdkmdap - ok
15:56:32.0290 4492  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:56:32.0330 4492  AmdPPM - ok
15:56:32.0440 4492  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:56:32.0450 4492  amdsata - ok
15:56:32.0520 4492  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:56:32.0540 4492  amdsbs - ok
15:56:32.0560 4492  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:56:32.0570 4492  amdxata - ok
15:56:32.0648 4492  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:56:32.0708 4492  AppID - ok
15:56:32.0778 4492  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:56:32.0838 4492  AppIDSvc - ok
15:56:32.0928 4492  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
15:56:33.0018 4492  Appinfo - ok
15:56:33.0100 4492  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:56:33.0153 4492  AppMgmt - ok
15:56:33.0183 4492  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:56:33.0193 4492  arc - ok
15:56:33.0213 4492  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:56:33.0243 4492  arcsas - ok
15:56:33.0385 4492  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:56:33.0418 4492  aspnet_state - ok
15:56:33.0478 4492  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:33.0610 4492  AsyncMac - ok
15:56:33.0625 4492  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:56:33.0645 4492  atapi - ok
15:56:33.0738 4492  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:56:33.0763 4492  atksgt - ok
15:56:33.0858 4492  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:33.0930 4492  AudioEndpointBuilder - ok
15:56:33.0960 4492  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:56:34.0000 4492  Audiosrv - ok
15:56:34.0137 4492  [ F1CA8ED683D6945EFDC4492AB60B1460 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
15:56:34.0150 4492  AVP - ok
15:56:34.0230 4492  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:56:34.0320 4492  AxInstSV - ok
15:56:34.0470 4492  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:56:34.0522 4492  b06bdrv - ok
15:56:34.0602 4492  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:56:34.0647 4492  b57nd60x - ok
15:56:34.0862 4492  [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
15:56:34.0982 4492  BCM43XX - ok
15:56:35.0052 4492  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:56:35.0122 4492  BDESVC - ok
15:56:35.0132 4492  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:56:35.0194 4492  Beep - ok
15:56:35.0284 4492  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:56:35.0347 4492  BFE - ok
15:56:35.0391 4492  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
15:56:35.0467 4492  BITS - ok
15:56:35.0492 4492  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:35.0544 4492  blbdrive - ok
15:56:35.0624 4492  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:56:35.0689 4492  bowser - ok
15:56:35.0699 4492  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:56:35.0744 4492  BrFiltLo - ok
15:56:35.0774 4492  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:56:35.0812 4492  BrFiltUp - ok
15:56:35.0887 4492  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:56:35.0947 4492  BridgeMP - ok
15:56:35.0982 4492  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:56:36.0072 4492  Browser - ok
15:56:36.0099 4492  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:56:36.0152 4492  Brserid - ok
15:56:36.0182 4492  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:36.0227 4492  BrSerWdm - ok
15:56:36.0262 4492  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:36.0312 4492  BrUsbMdm - ok
15:56:36.0339 4492  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:36.0384 4492  BrUsbSer - ok
15:56:36.0414 4492  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:36.0434 4492  BTHMODEM - ok
15:56:36.0527 4492  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:56:36.0624 4492  bthserv - ok
15:56:36.0777 4492  [ BF6054D16BBCE96159F8CBBDE8EA80B3 ] bthsrv          C:\Windows\system32\Drivers\BleServicesCtrl.exe
15:56:36.0974 4492  bthsrv ( UnsignedFile.Multi.Generic ) - warning
15:56:36.0974 4492  bthsrv - detected UnsignedFile.Multi.Generic (1)
15:56:37.0102 4492  catchme - ok
15:56:37.0169 4492  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:56:37.0227 4492  cdfs - ok
15:56:37.0362 4492  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:56:37.0412 4492  cdrom - ok
15:56:37.0484 4492  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:56:37.0547 4492  CertPropSvc - ok
15:56:37.0609 4492  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:56:37.0664 4492  circlass - ok
15:56:37.0713 4492  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:56:37.0729 4492  CLFS - ok
15:56:37.0814 4492  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:37.0826 4492  clr_optimization_v2.0.50727_32 - ok
15:56:37.0939 4492  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:37.0951 4492  clr_optimization_v4.0.30319_32 - ok
15:56:37.0966 4492  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:38.0019 4492  CmBatt - ok
15:56:38.0059 4492  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:56:38.0071 4492  cmdide - ok
15:56:38.0104 4492  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:56:38.0141 4492  CNG - ok
15:56:38.0204 4492  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:56:38.0221 4492  Compbatt - ok
15:56:38.0254 4492  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:56:38.0301 4492  CompositeBus - ok
15:56:38.0329 4492  COMSysApp - ok
15:56:38.0364 4492  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:56:38.0379 4492  crcdisk - ok
15:56:38.0464 4492  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:56:38.0526 4492  CryptSvc - ok
15:56:38.0579 4492  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
15:56:38.0659 4492  CSC - ok
15:56:38.0686 4492  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
15:56:38.0746 4492  CscService - ok
15:56:38.0776 4492  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:56:38.0846 4492  DcomLaunch - ok
15:56:38.0906 4492  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:56:38.0986 4492  defragsvc - ok
15:56:39.0059 4492  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:56:39.0139 4492  DfsC - ok
15:56:39.0209 4492  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:56:39.0291 4492  Dhcp - ok
15:56:39.0321 4492  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:56:39.0381 4492  discache - ok
15:56:39.0451 4492  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:56:39.0461 4492  Disk - ok
15:56:39.0524 4492  DMSKSSRh - ok
15:56:39.0571 4492  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:56:39.0646 4492  Dnscache - ok
15:56:39.0676 4492  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:56:39.0739 4492  dot3svc - ok
15:56:39.0779 4492  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:56:39.0841 4492  DPS - ok
15:56:39.0911 4492  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:56:39.0961 4492  drmkaud - ok
15:56:40.0061 4492  [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:56:40.0084 4492  dtsoftbus01 - ok
15:56:40.0144 4492  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:56:40.0241 4492  DXGKrnl - ok
15:56:40.0321 4492  [ CF0A6015F437161698C5B2A0A12CF052 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
15:56:40.0371 4492  e1express - ok
15:56:40.0429 4492  [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:56:40.0469 4492  E1G60 - ok
15:56:40.0519 4492  EagleXNt - ok
15:56:40.0564 4492  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:56:40.0634 4492  EapHost - ok
15:56:40.0749 4492  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:56:40.0859 4492  ebdrv - ok
15:56:40.0899 4492  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:56:40.0979 4492  EFS - ok
15:56:41.0039 4492  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:56:41.0129 4492  ehRecvr - ok
15:56:41.0149 4492  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:56:41.0189 4492  ehSched - ok
15:56:41.0232 4492  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:56:41.0252 4492  elxstor - ok
15:56:41.0284 4492  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:56:41.0334 4492  ErrDev - ok
15:56:41.0417 4492  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:56:41.0489 4492  EventSystem - ok
15:56:41.0519 4492  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:56:41.0561 4492  exfat - ok
15:56:41.0604 4492  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:56:41.0674 4492  fastfat - ok
15:56:41.0746 4492  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:56:41.0826 4492  Fax - ok
15:56:41.0856 4492  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:56:41.0896 4492  fdc - ok
15:56:41.0926 4492  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:56:41.0956 4492  fdPHost - ok
15:56:41.0986 4492  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:56:42.0101 4492  FDResPub - ok
15:56:42.0131 4492  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:56:42.0171 4492  FileInfo - ok
15:56:42.0264 4492  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:56:42.0369 4492  Filetrace - ok
15:56:42.0399 4492  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:56:42.0451 4492  flpydisk - ok
15:56:42.0531 4492  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:56:42.0571 4492  FltMgr - ok
15:56:42.0691 4492  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
15:56:42.0773 4492  FontCache - ok
15:56:42.0846 4492  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:56:42.0856 4492  FontCache3.0.0.0 - ok
15:56:42.0873 4492  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:56:42.0886 4492  FsDepends - ok
15:56:42.0906 4492  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:56:42.0916 4492  Fs_Rec - ok
15:56:43.0008 4492  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:56:43.0028 4492  fvevol - ok
15:56:43.0093 4492  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:56:43.0113 4492  gagp30kx - ok
15:56:43.0216 4492  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:56:43.0283 4492  gpsvc - ok
15:56:43.0357 4492  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:56:43.0378 4492  hamachi - ok
15:56:43.0392 4492  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:56:43.0453 4492  hcw85cir - ok
15:56:43.0541 4492  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:43.0593 4492  HdAudAddService - ok
15:56:43.0636 4492  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:56:43.0683 4492  HDAudBus - ok
15:56:43.0711 4492  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:56:43.0758 4492  HidBatt - ok
15:56:43.0791 4492  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:56:43.0841 4492  HidBth - ok
15:56:43.0893 4492  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:56:43.0936 4492  HidIr - ok
15:56:43.0986 4492  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
15:56:44.0036 4492  hidserv - ok
15:56:44.0106 4492  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:56:44.0163 4492  HidUsb - ok
15:56:44.0206 4492  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:56:44.0276 4492  hkmsvc - ok
15:56:44.0313 4492  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:44.0391 4492  HomeGroupListener - ok
15:56:44.0416 4492  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:44.0461 4492  HomeGroupProvider - ok
15:56:44.0523 4492  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:56:44.0533 4492  HpSAMD - ok
15:56:44.0621 4492  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:56:44.0651 4492  HTTP - ok
15:56:44.0681 4492  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:56:44.0691 4492  hwpolicy - ok
15:56:44.0776 4492  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:56:44.0826 4492  i8042prt - ok
15:56:44.0953 4492  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:56:44.0986 4492  iaStorV - ok
15:56:45.0188 4492  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:56:45.0228 4492  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:56:45.0228 4492  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:56:45.0308 4492  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:56:45.0361 4492  idsvc - ok
15:56:45.0391 4492  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:56:45.0401 4492  iirsp - ok
15:56:45.0431 4492  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:56:45.0508 4492  IKEEXT - ok
15:56:45.0578 4492  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:56:45.0596 4492  intelide - ok
15:56:45.0658 4492  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:56:45.0698 4492  intelppm - ok
15:56:45.0761 4492  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:56:45.0826 4492  IPBusEnum - ok
15:56:45.0853 4492  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:45.0908 4492  IpFilterDriver - ok
15:56:46.0031 4492  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:56:46.0105 4492  iphlpsvc - ok
15:56:46.0140 4492  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:56:46.0210 4492  IPMIDRV - ok
15:56:46.0238 4492  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:56:46.0305 4492  IPNAT - ok
15:56:46.0333 4492  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:56:46.0383 4492  IRENUM - ok
15:56:46.0428 4492  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:56:46.0445 4492  isapnp - ok
15:56:46.0473 4492  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:56:46.0488 4492  iScsiPrt - ok
15:56:46.0570 4492  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:46.0588 4492  kbdclass - ok
15:56:46.0658 4492  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:46.0700 4492  kbdhid - ok
15:56:46.0733 4492  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:56:46.0743 4492  KeyIso - ok
15:56:46.0855 4492  [ EA26CB00F83686856F2C79673C00C686 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
15:56:46.0870 4492  kl1 - ok
15:56:47.0058 4492  [ 998F34684E8CA8ADCCAEB9FA1A95832D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
15:56:47.0090 4492  KLIF - ok
15:56:47.0188 4492  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
15:56:47.0203 4492  KLIM6 - ok
15:56:47.0298 4492  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
15:56:47.0313 4492  klkbdflt - ok
15:56:47.0410 4492  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
15:56:47.0423 4492  klmouflt - ok
15:56:47.0490 4492  [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
15:56:47.0505 4492  kltdi - ok
15:56:47.0553 4492  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
15:56:47.0570 4492  kneps - ok
15:56:47.0608 4492  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:56:47.0625 4492  KSecDD - ok
15:56:47.0650 4492  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:56:47.0668 4492  KSecPkg - ok
15:56:47.0698 4492  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:56:47.0763 4492  KtmRm - ok
15:56:47.0828 4492  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:56:47.0888 4492  LanmanServer - ok
15:56:47.0965 4492  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:56:48.0023 4492  LanmanWorkstation - ok
15:56:48.0130 4492  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:56:48.0145 4492  lirsgt - ok
15:56:48.0245 4492  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:56:48.0313 4492  lltdio - ok
15:56:48.0360 4492  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:56:48.0418 4492  lltdsvc - ok
15:56:48.0445 4492  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:56:48.0500 4492  lmhosts - ok
15:56:48.0555 4492  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:56:48.0573 4492  LSI_FC - ok
15:56:48.0593 4492  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:56:48.0608 4492  LSI_SAS - ok
15:56:48.0653 4492  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:56:48.0673 4492  LSI_SAS2 - ok
15:56:48.0690 4492  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:56:48.0700 4492  LSI_SCSI - ok
15:56:48.0720 4492  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:56:48.0783 4492  luafv - ok
15:56:48.0818 4492  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:56:48.0858 4492  Mcx2Svc - ok
15:56:48.0888 4492  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:56:48.0898 4492  megasas - ok
15:56:48.0928 4492  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:56:48.0938 4492  MegaSR - ok
15:56:49.0030 4492  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:56:49.0040 4492  Microsoft Office Groove Audit Service - ok
15:56:49.0070 4492  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:56:49.0123 4492  MMCSS - ok
15:56:49.0193 4492  [ A42C452CFFB03FC24C7A1B0F754033B4 ] mmxavs          C:\Windows\system32\Drivers\mmxavs.sys
15:56:49.0213 4492  mmxavs - ok
15:56:49.0293 4492  [ E764E648D35843F159FE2404D4A5C25C ] mmxusb_svc      C:\Windows\system32\Drivers\mmxusb.sys
15:56:49.0305 4492  mmxusb_svc - ok
15:56:49.0355 4492  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:56:49.0415 4492  Modem - ok
15:56:49.0505 4492  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:56:49.0548 4492  monitor - ok
15:56:49.0650 4492  [ A77205D70D14D153342D357DE5A4E770 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
15:56:49.0670 4492  MotioninJoyXFilter - ok
15:56:49.0750 4492  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:56:49.0760 4492  mouclass - ok
15:56:49.0803 4492  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:56:49.0838 4492  mouhid - ok
15:56:49.0908 4492  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:56:49.0950 4492  mountmgr - ok
15:56:50.0080 4492  [ EC14E147A5D23EF65989790F40FA6E61 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:56:50.0140 4492  MozillaMaintenance - ok
15:56:50.0190 4492  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:56:50.0233 4492  mpio - ok
15:56:50.0285 4492  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:56:50.0340 4492  mpsdrv - ok
15:56:50.0430 4492  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:56:50.0510 4492  MpsSvc - ok
15:56:50.0550 4492  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:56:50.0593 4492  MRxDAV - ok
15:56:50.0653 4492  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:50.0733 4492  mrxsmb - ok
15:56:50.0763 4492  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:50.0818 4492  mrxsmb10 - ok
15:56:50.0848 4492  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:50.0878 4492  mrxsmb20 - ok
15:56:50.0928 4492  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:56:50.0948 4492  msahci - ok
15:56:50.0998 4492  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:56:51.0018 4492  msdsm - ok
15:56:51.0043 4492  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:56:51.0103 4492  MSDTC - ok
15:56:51.0133 4492  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:56:51.0186 4492  Msfs - ok
15:56:51.0215 4492  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:56:51.0255 4492  mshidkmdf - ok
15:56:51.0285 4492  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:56:51.0305 4492  msisadrv - ok
15:56:51.0380 4492  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:56:51.0435 4492  MSiSCSI - ok
15:56:51.0435 4492  msiserver - ok
15:56:51.0497 4492  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:56:51.0562 4492  MSKSSRV - ok
15:56:51.0612 4492  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:51.0682 4492  MSPCLOCK - ok
15:56:51.0682 4492  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:56:51.0712 4492  MSPQM - ok
15:56:51.0742 4492  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:56:51.0762 4492  MsRPC - ok
15:56:51.0772 4492  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:56:51.0790 4492  mssmbios - ok
15:56:51.0800 4492  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:56:51.0820 4492  MSTEE - ok
15:56:51.0840 4492  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:56:51.0870 4492  MTConfig - ok
15:56:51.0900 4492  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:56:51.0920 4492  Mup - ok
15:56:51.0950 4492  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:56:52.0010 4492  napagent - ok
15:56:52.0070 4492  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:56:52.0132 4492  NativeWifiP - ok
15:56:52.0202 4492  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:56:52.0242 4492  NDIS - ok
15:56:52.0322 4492  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:52.0375 4492  NdisCap - ok
15:56:52.0435 4492  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:52.0537 4492  NdisTapi - ok
15:56:52.0617 4492  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:52.0732 4492  Ndisuio - ok
15:56:52.0847 4492  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:52.0917 4492  NdisWan - ok
15:56:52.0967 4492  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:56:53.0027 4492  NDProxy - ok
15:56:53.0087 4492  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:56:53.0137 4492  NetBIOS - ok
15:56:53.0177 4492  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:56:53.0227 4492  NetBT - ok
15:56:53.0257 4492  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:56:53.0277 4492  Netlogon - ok
15:56:53.0360 4492  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:56:53.0420 4492  Netman - ok
15:56:53.0460 4492  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:56:53.0520 4492  netprofm - ok
15:56:53.0632 4492  [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
15:56:53.0692 4492  netr73 - ok
15:56:53.0742 4492  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:56:53.0762 4492  NetTcpPortSharing - ok
15:56:53.0822 4492  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:56:53.0832 4492  nfrd960 - ok
15:56:54.0147 4492  [ FEB33E85DA105767265C89F97201135F ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
15:56:54.0272 4492  NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
15:56:54.0272 4492  NIHardwareService - detected UnsignedFile.Multi.Generic (1)
15:56:54.0335 4492  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:56:54.0375 4492  NlaSvc - ok
15:56:54.0475 4492  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
15:56:54.0495 4492  NPF - ok
15:56:54.0505 4492  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:56:54.0575 4492  Npfs - ok
15:56:54.0615 4492  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:56:54.0645 4492  nsi - ok
15:56:54.0655 4492  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:56:54.0705 4492  nsiproxy - ok
15:56:54.0765 4492  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:56:54.0820 4492  Ntfs - ok
15:56:54.0840 4492  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:56:54.0890 4492  Null - ok
15:56:55.0208 4492  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:56:55.0519 4492  nvlddmkm - ok
15:56:55.0569 4492  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:56:55.0581 4492  nvraid - ok
15:56:55.0604 4492  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:56:55.0619 4492  nvstor - ok
15:56:55.0701 4492  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:56:55.0714 4492  nvsvc - ok
15:56:55.0746 4492  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:56:55.0759 4492  nv_agp - ok
15:56:55.0814 4492  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:56:55.0824 4492  odserv - ok
15:56:55.0861 4492  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:56:55.0906 4492  ohci1394 - ok
15:56:55.0994 4492  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:56.0011 4492  ose - ok
15:56:56.0106 4492  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:56:56.0174 4492  p2pimsvc - ok
15:56:56.0214 4492  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:56:56.0264 4492  p2psvc - ok
15:56:56.0329 4492  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:56:56.0371 4492  Parport - ok
15:56:56.0409 4492  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:56:56.0426 4492  partmgr - ok
15:56:56.0441 4492  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:56:56.0489 4492  Parvdm - ok
15:56:56.0524 4492  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:56:56.0589 4492  PcaSvc - ok
15:56:56.0639 4492  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:56:56.0674 4492  pci - ok
15:56:56.0704 4492  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:56:56.0721 4492  pciide - ok
15:56:56.0739 4492  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:56.0754 4492  pcmcia - ok
15:56:56.0761 4492  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:56:56.0776 4492  pcw - ok
15:56:56.0854 4492  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:56:56.0926 4492  PEAUTH - ok
15:56:56.0969 4492  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:56:57.0059 4492  PeerDistSvc - ok
15:56:57.0119 4492  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:56:57.0209 4492  pla - ok
15:56:57.0279 4492  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:56:57.0349 4492  PlugPlay - ok
15:56:57.0464 4492  [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
15:56:57.0481 4492  PnkBstrA - ok
15:56:57.0509 4492  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:56:57.0546 4492  PNRPAutoReg - ok
15:56:57.0583 4492  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:56:57.0598 4492  PNRPsvc - ok
15:56:57.0618 4492  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:56:57.0678 4492  PolicyAgent - ok
15:56:57.0718 4492  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:56:57.0778 4492  Power - ok
15:56:57.0851 4492  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:56:57.0938 4492  PptpMiniport - ok
15:56:57.0996 4492  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:56:58.0063 4492  Processor - ok
15:56:58.0231 4492  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:56:58.0336 4492  ProfSvc - ok
15:56:58.0351 4492  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:56:58.0366 4492  ProtectedStorage - ok
15:56:58.0433 4492  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:56:58.0488 4492  Psched - ok
15:56:58.0538 4492  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:56:58.0598 4492  ql2300 - ok
15:56:58.0618 4492  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:56:58.0638 4492  ql40xx - ok
15:56:58.0658 4492  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:56:58.0711 4492  QWAVE - ok
15:56:58.0741 4492  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:56:58.0791 4492  QWAVEdrv - ok
15:56:58.0821 4492  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:56:58.0876 4492  RasAcd - ok
15:56:58.0946 4492  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:58.0996 4492  RasAgileVpn - ok
15:56:59.0026 4492  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:56:59.0086 4492  RasAuto - ok
15:56:59.0116 4492  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:59.0176 4492  Rasl2tp - ok
15:56:59.0278 4492  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:56:59.0328 4492  RasMan - ok
15:56:59.0402 4492  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:59.0458 4492  RasPppoe - ok
15:56:59.0518 4492  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:56:59.0581 4492  RasSstp - ok
15:56:59.0623 4492  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:56:59.0686 4492  rdbss - ok
15:56:59.0706 4492  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:56:59.0756 4492  rdpbus - ok
15:56:59.0796 4492  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:59.0846 4492  RDPCDD - ok
15:56:59.0896 4492  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:56:59.0956 4492  RDPDR - ok
15:57:00.0026 4492  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:57:00.0078 4492  RDPENCDD - ok
15:57:00.0108 4492  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:57:00.0168 4492  RDPREFMP - ok
15:57:00.0318 4492  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:57:00.0391 4492  RdpVideoMiniport - ok
15:57:00.0441 4492  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:57:00.0541 4492  RDPWD - ok
15:57:00.0641 4492  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:57:00.0661 4492  rdyboost - ok
15:57:00.0701 4492  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:57:00.0761 4492  RemoteAccess - ok
15:57:00.0813 4492  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:57:00.0883 4492  RemoteRegistry - ok
15:57:00.0986 4492  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
15:57:01.0016 4492  rpcapd - ok
15:57:01.0078 4492  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:57:01.0138 4492  RpcEptMapper - ok
15:57:01.0178 4492  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:57:01.0221 4492  RpcLocator - ok
15:57:01.0261 4492  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\System32\rpcss.dll
15:57:01.0301 4492  RpcSs - ok
15:57:01.0341 4492  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:57:01.0401 4492  rspndr - ok
15:57:01.0481 4492  [ B6B3C4259D514F10B458CA6C2E50BC2E ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
15:57:01.0543 4492  RTL8187B - ok
15:57:01.0573 4492  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:57:01.0643 4492  s3cap - ok
15:57:01.0653 4492  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:57:01.0673 4492  SamSs - ok
15:57:01.0736 4492  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:57:01.0748 4492  sbp2port - ok
15:57:01.0778 4492  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:57:01.0851 4492  SCardSvr - ok
15:57:01.0883 4492  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:57:01.0956 4492  scfilter - ok
15:57:02.0006 4492  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:57:02.0071 4492  Schedule - ok
15:57:02.0121 4492  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:57:02.0151 4492  SCPolicySvc - ok
15:57:02.0181 4492  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:57:02.0251 4492  SDRSVC - ok
15:57:02.0358 4492  [ ACFF056CE19A32CB074EB6FD0FEEEC5A ] Secdrv          C:\Windows\system32\drivers\SECDRV.SYS
15:57:02.0378 4492  Secdrv ( UnsignedFile.Multi.Generic ) - warning
15:57:02.0378 4492  Secdrv - detected UnsignedFile.Multi.Generic (1)
15:57:02.0418 4492  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:57:02.0493 4492  seclogon - ok
15:57:02.0573 4492  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
15:57:02.0626 4492  SENS - ok
15:57:02.0646 4492  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:57:02.0708 4492  SensrSvc - ok
15:57:02.0778 4492  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:57:02.0818 4492  Serenum - ok
15:57:02.0848 4492  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:57:02.0868 4492  Serial - ok
15:57:02.0878 4492  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:57:02.0908 4492  sermouse - ok
15:57:02.0961 4492  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:57:03.0036 4492  SessionEnv - ok
15:57:03.0073 4492  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:57:03.0103 4492  sffdisk - ok
15:57:03.0133 4492  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:57:03.0186 4492  sffp_mmc - ok
15:57:03.0208 4492  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:57:03.0228 4492  sffp_sd - ok
15:57:03.0248 4492  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:57:03.0268 4492  sfloppy - ok
15:57:03.0371 4492  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:57:03.0466 4492  SharedAccess - ok
15:57:03.0571 4492  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:57:03.0641 4492  ShellHWDetection - ok
15:57:03.0668 4492  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:57:03.0693 4492  sisagp - ok
15:57:03.0763 4492  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:57:03.0773 4492  SiSRaid2 - ok
15:57:03.0783 4492  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:57:03.0803 4492  SiSRaid4 - ok
15:57:03.0913 4492  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:57:03.0923 4492  SkypeUpdate - ok
15:57:03.0998 4492  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:57:04.0051 4492  Smb - ok
15:57:04.0098 4492  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:57:04.0146 4492  SNMPTRAP - ok
15:57:04.0263 4492  sony_ssm.sys - ok
15:57:04.0273 4492  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:57:04.0293 4492  spldr - ok
15:57:04.0381 4492  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:57:04.0458 4492  Spooler - ok
15:57:04.0571 4492  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:57:04.0715 4492  sppsvc - ok
15:57:04.0750 4492  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:57:04.0800 4492  sppuinotify - ok
15:57:04.0883 4492  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\System32\Drivers\sptd.sys
15:57:04.0915 4492  sptd - ok
15:57:04.0953 4492  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:57:05.0023 4492  srv - ok
15:57:05.0043 4492  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:57:05.0090 4492  srv2 - ok
15:57:05.0120 4492  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:57:05.0170 4492  srvnet - ok
15:57:05.0208 4492  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:57:05.0263 4492  SSDPSRV - ok
15:57:05.0280 4492  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:57:05.0375 4492  SstpSvc - ok
15:57:05.0487 4492  Steam Client Service - ok
15:57:05.0570 4492  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:57:05.0590 4492  stexstor - ok
15:57:05.0685 4492  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:57:05.0730 4492  StillCam - ok
15:57:05.0812 4492  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:57:05.0892 4492  StiSvc - ok
15:57:05.0955 4492  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:57:05.0967 4492  storflt - ok
15:57:05.0995 4492  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:57:06.0007 4492  storvsc - ok
15:57:06.0022 4492  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:57:06.0040 4492  swenum - ok
15:57:06.0057 4492  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:57:06.0115 4492  swprv - ok
15:57:06.0142 4492  Synth3dVsc - ok
15:57:06.0210 4492  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:57:06.0292 4492  SysMain - ok
15:57:06.0330 4492  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:57:06.0437 4492  TabletInputService - ok
15:57:06.0542 4492  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:57:06.0596 4492  TapiSrv - ok
15:57:06.0620 4492  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:57:06.0672 4492  TBS - ok
15:57:06.0776 4492  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:57:06.0831 4492  Tcpip - ok
15:57:06.0859 4492  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:57:06.0884 4492  TCPIP6 - ok
15:57:06.0949 4492  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:57:06.0986 4492  tcpipreg - ok
15:57:07.0028 4492  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:57:07.0103 4492  TDPIPE - ok
15:57:07.0136 4492  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:57:07.0176 4492  TDTCP - ok
15:57:07.0218 4492  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:57:07.0241 4492  tdx - ok
15:57:07.0248 4492  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:57:07.0259 4492  TermDD - ok
15:57:07.0293 4492  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:57:07.0368 4492  TermService - ok
15:57:07.0402 4492  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:57:07.0440 4492  Themes - ok
15:57:07.0470 4492  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:57:07.0503 4492  THREADORDER - ok
15:57:07.0568 4492  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:57:07.0623 4492  TrkWks - ok
15:57:07.0710 4492  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:57:07.0758 4492  TrustedInstaller - ok
15:57:07.0795 4492  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:57:07.0863 4492  tssecsrv - ok
15:57:07.0890 4492  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:57:07.0953 4492  TsUsbFlt - ok
15:57:07.0963 4492  tsusbhub - ok
15:57:08.0048 4492  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:57:08.0070 4492  tunnel - ok
15:57:08.0078 4492  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:57:08.0098 4492  uagp35 - ok
15:57:08.0128 4492  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:57:08.0173 4492  udfs - ok
15:57:08.0208 4492  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:57:08.0245 4492  UI0Detect - ok
15:57:08.0340 4492  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:57:08.0353 4492  uliagpkx - ok
15:57:08.0375 4492  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:57:08.0413 4492  umbus - ok
15:57:08.0443 4492  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:57:08.0493 4492  UmPass - ok
15:57:08.0535 4492  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:57:08.0575 4492  UmRdpService - ok
15:57:08.0635 4492  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:57:08.0695 4492  upnphost - ok
15:57:08.0755 4492  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:57:08.0848 4492  usbccgp - ok
15:57:08.0930 4492  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:57:08.0980 4492  usbcir - ok
15:57:09.0063 4492  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:57:09.0095 4492  usbehci - ok
15:57:09.0338 4492  [ DAAB7FBF35275BC6C33BDF20BF1D15E5 ] USBET           C:\Windows\system32\DRIVERS\ETdrv.sys
15:57:09.0503 4492  USBET - ok
15:57:09.0573 4492  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:57:09.0620 4492  usbhub - ok
15:57:09.0665 4492  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:57:09.0712 4492  usbohci - ok
15:57:09.0748 4492  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:57:09.0808 4492  usbprint - ok
15:57:09.0850 4492  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:57:09.0910 4492  USBSTOR - ok
15:57:09.0930 4492  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:57:09.0960 4492  usbuhci - ok
15:57:10.0038 4492  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:57:10.0078 4492  usbvideo - ok
15:57:10.0133 4492  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:57:10.0188 4492  UxSms - ok
15:57:10.0218 4492  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:57:10.0228 4492  VaultSvc - ok
15:57:10.0238 4492  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:57:10.0243 4492  vdrvroot - ok
15:57:10.0283 4492  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:57:10.0345 4492  vds - ok
15:57:10.0403 4492  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:57:10.0433 4492  vga - ok
15:57:10.0440 4492  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:57:10.0465 4492  VgaSave - ok
15:57:10.0498 4492  VGPU - ok
15:57:10.0558 4492  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:57:10.0568 4492  vhdmp - ok
15:57:10.0638 4492  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:57:10.0648 4492  viaagp - ok
15:57:10.0668 4492  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:57:10.0710 4492  ViaC7 - ok
15:57:10.0763 4492  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:57:10.0773 4492  viaide - ok
15:57:10.0793 4492  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:57:10.0805 4492  vmbus - ok
15:57:10.0825 4492  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:57:10.0855 4492  VMBusHID - ok
15:57:10.0865 4492  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:57:10.0875 4492  volmgr - ok
15:57:10.0908 4492  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:57:10.0928 4492  volmgrx - ok
15:57:10.0940 4492  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:57:10.0950 4492  volsnap - ok
15:57:11.0080 4492  [ 5C180CD2A33051642A589A7C6090A035 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
15:57:11.0105 4492  vpnagent - ok
15:57:11.0205 4492  [ 0728EFA3492908D683F1A88C0818CBA3 ] vpnva           C:\Windows\system32\DRIVERS\vpnva-6.sys
15:57:11.0215 4492  vpnva - ok
15:57:11.0288 4492  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:57:11.0298 4492  vsmraid - ok
15:57:11.0358 4492  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:57:11.0433 4492  VSS - ok
15:57:11.0465 4492  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:57:11.0520 4492  vwifibus - ok
15:57:11.0582 4492  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:57:11.0595 4492  vwififlt - ok
15:57:11.0672 4492  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:57:11.0715 4492  vwifimp - ok
15:57:11.0765 4492  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:57:11.0812 4492  W32Time - ok
15:57:11.0845 4492  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:57:11.0885 4492  WacomPen - ok
15:57:11.0950 4492  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:57:11.0997 4492  WANARP - ok
15:57:11.0997 4492  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:57:12.0017 4492  Wanarpv6 - ok
15:57:12.0067 4492  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:57:12.0157 4492  wbengine - ok
15:57:12.0270 4492  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:57:12.0337 4492  WbioSrvc - ok
15:57:12.0427 4492  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:57:12.0477 4492  wcncsvc - ok
15:57:12.0532 4492  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:57:12.0595 4492  WcsPlugInService - ok
15:57:12.0615 4492  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:57:12.0625 4492  Wd - ok
15:57:12.0735 4492  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:57:12.0755 4492  Wdf01000 - ok
15:57:12.0795 4492  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:57:12.0899 4492  WdiServiceHost - ok
15:57:12.0902 4492  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:57:12.0912 4492  WdiSystemHost - ok
15:57:12.0947 4492  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:57:12.0987 4492  WebClient - ok
15:57:13.0022 4492  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:57:13.0072 4492  Wecsvc - ok
15:57:13.0094 4492  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:57:13.0144 4492  wercplsupport - ok
15:57:13.0214 4492  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:57:13.0274 4492  WerSvc - ok
15:57:13.0307 4492  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:57:13.0357 4492  WfpLwf - ok
15:57:13.0387 4492  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:57:13.0397 4492  WIMMount - ok
15:57:13.0477 4492  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:57:13.0557 4492  WinDefend - ok
15:57:13.0627 4492  WinHttpAutoProxySvc - ok
15:57:14.0004 4492  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:57:14.0112 4492  Winmgmt - ok
15:57:14.0407 4492  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:57:14.0479 4492  WinRM - ok
15:57:14.0579 4492  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:57:14.0609 4492  WinUsb - ok
15:57:14.0659 4492  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:57:14.0732 4492  Wlansvc - ok
15:57:14.0859 4492  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:57:14.0922 4492  wlidsvc - ok
15:57:14.0949 4492  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:57:15.0006 4492  WmiAcpi - ok
15:57:15.0046 4492  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:57:15.0089 4492  wmiApSrv - ok
15:57:15.0184 4492  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:57:15.0276 4492  WMPNetworkSvc - ok
15:57:15.0296 4492  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:57:15.0361 4492  WPCSvc - ok
15:57:15.0395 4492  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:57:15.0464 4492  WPDBusEnum - ok
15:57:15.0496 4492  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:57:15.0549 4492  ws2ifsl - ok
15:57:15.0614 4492  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
15:57:15.0636 4492  wscsvc - ok
15:57:15.0641 4492  WSearch - ok
15:57:15.0709 4492  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:57:15.0786 4492  wuauserv - ok
15:57:15.0891 4492  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:57:15.0979 4492  WudfPf - ok
15:57:16.0047 4492  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:57:16.0085 4492  WUDFRd - ok
15:57:16.0151 4492  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:57:16.0189 4492  wudfsvc - ok
15:57:16.0229 4492  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:57:16.0292 4492  WwanSvc - ok
15:57:16.0373 4492  [ CE0C846127D6ABB1E2A22E59682B2527 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
15:57:16.0434 4492  xnacc - ok
15:57:16.0479 4492  [ EE9144207EE0211EB5656BA6808AC4A0 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
15:57:16.0489 4492  xusb21 - ok
15:57:16.0574 4492  ================ Scan global ===============================
15:57:16.0636 4492  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:57:16.0674 4492  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
15:57:16.0692 4492  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
15:57:16.0717 4492  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:57:16.0742 4492  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:57:16.0744 4492  [Global] - ok
15:57:16.0744 4492  ================ Scan MBR ==================================
15:57:16.0757 4492  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:57:17.0004 4492  \Device\Harddisk0\DR0 - ok
15:57:17.0019 4492  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:57:19.0545 4492  \Device\Harddisk1\DR1 - ok
15:57:19.0545 4492  ================ Scan VBR ==================================
15:57:19.0561 4492  [ 99D8DC8ACBDF30517F3BC7867E8D4713 ] \Device\Harddisk0\DR0\Partition1
15:57:19.0561 4492  \Device\Harddisk0\DR0\Partition1 - ok
15:57:19.0561 4492  [ 5BC421FEF1FE5FE4E921948F8D29D0B5 ] \Device\Harddisk1\DR1\Partition1
15:57:19.0561 4492  \Device\Harddisk1\DR1\Partition1 - ok
15:57:19.0561 4492  ============================================================
15:57:19.0561 4492  Scan finished
15:57:19.0561 4492  ============================================================
15:57:19.0607 4312  Detected object count: 4
15:57:19.0607 4312  Actual detected object count: 4
15:58:47.0780 4312  bthsrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:47.0780 4312  bthsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:58:47.0780 4312  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:47.0780 4312  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:58:47.0780 4312  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:47.0780 4312  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:58:47.0780 4312  Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:47.0780 4312  Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:58:55.0986 4204  Deinitialize success

Ich hoffe das skippen war ok.

Gruß Felix

aharonov · 24.09.2013, 15:23

Hallo Felix,

ja das skippen war ok, so wird es ja in der Anleitung verlangt.

Das ist aber immer noch nicht sauber, da läuft noch was.
Nach dem Fix in Schritt 1 den Rechner bitte neu starten und dann Schritt 2 ausführen.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
C:\Windows\system32\Drivers\BleServicesCtrl.exe
C:\Windows\system32\Drivers\blds.exe
testsigning on:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Lazy_Leroy · 24.09.2013, 15:46

Hallo Leo,

Hier die Fixlog - Datei

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by Felix at 2013-09-24 16:26:19 Run:2
Running from C:\Users\Felix\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 bthsrv; C:\Windows\system32\Drivers\BleServicesCtrl.exe [335872 2013-09-16] ()
C:\Windows\system32\Drivers\BleServicesCtrl.exe
C:\Windows\system32\Drivers\blds.exe
testsigning on:
*****************

bthsrv => Service deleted successfully.
C:\Windows\system32\Drivers\BleServicesCtrl.exe => Moved successfully.
C:\Windows\system32\Drivers\blds.exe => Moved successfully.

Der Vorgang wurde erfolgreich beendet.


The system needs a manual reboot. 

==== End of Fixlog ====

Und hier die normale FRST - Datei

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Felix (administrator) on SPIELEPC on 24-09-2013 16:41:09
Running from C:\Users\Felix\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\system32\DXPServer.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC7BB2A689FFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\searchplugins\searchplugins-backup
FF Extension: Battlefield Heroes Updater - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\plugin@videofiledownload.com
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF Extension: ciuvo-extension - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\h1wivocd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-08-17] (Kaspersky Lab ZAO)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-12-19] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-26] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-10] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-09-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-26] ()
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [346192 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [46160 2011-09-15] (Native Instruments GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [10848 2000-01-26] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] (Duplex Secure Ltd.)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5116544 2010-11-10] (Etron)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Felix\AppData\Local\Temp\catchme.sys [x]
S3 DMSKSSRh; \??\C:\Users\Felix\AppData\Local\Temp\DMSKSSRh.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-08-13] (Kaspersky Lab)
S3 sony_ssm.sys; \??\C:\Users\Felix\AppData\Local\Temp\sony_ssm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 15:55 - 2013-09-24 15:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Felix\Desktop\tdsskiller.exe
2013-09-24 14:27 - 2013-09-24 14:28 - 00029848 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 11:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-24 03:56 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-24 03:08 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-24 03:08 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-24 03:08 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-24 03:08 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-24 03:07 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-24 03:07 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-24 03:07 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-24 03:07 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-24 03:07 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-24 03:07 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-24 02:50 - 2013-09-24 02:53 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-24 01:54 - 2013-09-24 02:47 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-23 23:34 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-23 23:34 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-23 23:34 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-23 23:34 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-23 23:34 - 2012-08-22 19:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-23 23:34 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-23 23:32 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-23 23:31 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-23 23:31 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-23 23:31 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-23 23:28 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-23 23:23 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-23 23:22 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-23 23:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-23 23:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-23 23:21 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-23 23:21 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-23 23:21 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-23 23:21 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-23 23:21 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-23 23:21 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-23 23:20 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-23 23:20 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-23 23:20 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-23 23:09 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-23 23:09 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-23 23:09 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-23 23:09 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-23 23:08 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-23 23:08 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-23 23:08 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-23 23:08 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-23 23:07 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-23 23:07 - 2013-01-03 07:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-23 23:07 - 2012-08-22 19:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-23 23:05 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-23 23:04 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-23 23:04 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-23 23:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-23 23:01 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-23 23:01 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-23 23:00 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-23 23:00 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-23 23:00 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-23 23:00 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-23 22:59 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-23 19:54 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-23 19:54 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 19:54 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 19:54 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-23 19:54 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-23 19:52 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-23 19:51 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 19:51 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 19:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 19:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 18:07 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-23 18:07 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-23 18:06 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-23 18:06 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-23 18:06 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 16:49 - 2013-09-23 17:22 - 00000000 ____D C:\ComboFix
2013-09-23 16:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 16:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 16:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 16:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 16:48 - 2013-09-23 17:22 - 00000000 ____D C:\Qoobox
2013-09-23 16:37 - 2013-09-23 16:39 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:23 - 2013-09-23 16:24 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:06 - 2013-09-24 16:26 - 00000000 ____D C:\FRST
2013-09-23 02:04 - 2013-09-23 02:05 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-14 18:15 - 2013-09-24 10:40 - 00017592 _____ C:\Windows\PFRO.log
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-30 12:31 - 2013-08-01 08:54 - 430133457 _____ C:\Users\Felix\Desktop\DSCN0648.MOV
2013-08-30 12:30 - 2013-08-01 11:32 - 72828534 _____ C:\Users\Felix\Desktop\DSCN0663.MOV
2013-08-26 18:49 - 2001-10-23 19:40 - 00019052 ____N C:\Windows\Liesmich.txt
2013-08-26 18:49 - 2001-10-22 16:46 - 00057344 ____N C:\Windows\Launcher.exe
2013-08-26 18:49 - 2001-10-22 14:59 - 00012340 ____N C:\Windows\EULA.txt
2013-08-26 18:49 - 2001-10-19 14:42 - 00000026 ____N C:\Windows\Launcher.ini
2013-08-26 18:33 - 2013-08-26 18:49 - 00000196 _____ C:\Windows\SIERRA.INI

==================== One Month Modified Files and Folders =======

2013-09-24 16:36 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 16:36 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 16:35 - 2012-09-25 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-24 16:35 - 2012-09-16 22:11 - 00000000 ___RD C:\Users\Felix\Dropbox
2013-09-24 16:35 - 2012-09-16 22:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-09-24 16:35 - 2010-05-30 08:53 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-09-24 16:31 - 2013-08-09 01:43 - 00004570 _____ C:\Windows\setupact.log
2013-09-24 16:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 16:27 - 2013-08-10 16:18 - 01282866 _____ C:\Windows\WindowsUpdate.log
2013-09-24 16:26 - 2013-09-23 02:06 - 00000000 ____D C:\FRST
2013-09-24 16:06 - 2012-04-03 07:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 15:55 - 2013-09-24 15:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Felix\Desktop\tdsskiller.exe
2013-09-24 15:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-24 14:28 - 2013-09-24 14:27 - 00029848 _____ C:\Users\Felix\Desktop\Addition.txt
2013-09-24 14:25 - 2013-09-24 14:25 - 01088653 _____ (Farbar) C:\Users\Felix\Desktop\FRST.exe
2013-09-24 14:21 - 2010-10-04 00:49 - 00704260 _____ C:\Windows\system32\perfh013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00702302 _____ C:\Windows\system32\perfh015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00691606 _____ C:\Windows\system32\prfh0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00676264 _____ C:\Windows\system32\prfh0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00628960 _____ C:\Windows\system32\perfh01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00621616 _____ C:\Windows\system32\perfh01F.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00141260 _____ C:\Windows\system32\perfc015.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00139488 _____ C:\Windows\system32\prfc0816.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00138766 _____ C:\Windows\system32\perfc013.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00134040 _____ C:\Windows\system32\prfc0416.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00129170 _____ C:\Windows\system32\perfc01D.dat
2013-09-24 14:21 - 2010-10-04 00:49 - 00127408 _____ C:\Windows\system32\perfc01F.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00688088 _____ C:\Windows\system32\perfh019.dat
2013-09-24 14:21 - 2010-10-03 03:24 - 00138202 _____ C:\Windows\system32\perfc019.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00368066 _____ C:\Windows\system32\prfh0804.dat
2013-09-24 14:21 - 2010-10-03 03:14 - 00109180 _____ C:\Windows\system32\prfc0804.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00702298 _____ C:\Windows\system32\perfh010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00407258 _____ C:\Windows\system32\perfh012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00384368 _____ C:\Windows\system32\prfh0404.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00133098 _____ C:\Windows\system32\perfc010.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00109608 _____ C:\Windows\system32\perfc012.dat
2013-09-24 14:21 - 2010-10-02 11:03 - 00104266 _____ C:\Windows\system32\prfc0404.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00459844 _____ C:\Windows\system32\perfh014.dat
2013-09-24 14:21 - 2010-10-02 08:05 - 00082322 _____ C:\Windows\system32\perfc014.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00395950 _____ C:\Windows\system32\perfh011.dat
2013-09-24 14:21 - 2010-05-30 02:35 - 00111320 _____ C:\Windows\system32\perfc011.dat
2013-09-24 14:21 - 2009-11-10 20:44 - 16514046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 11:36 - 2011-11-11 18:27 - 00000000 ____D C:\Program Files\Steam
2013-09-24 10:54 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-09-24 10:54 - 2009-07-14 06:33 - 00442272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\uk-UA
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\th-TH
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sl-SI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sk-SK
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ro-RO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lv-LV
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\lt-LT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hr-HR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\he-IL
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\et-EE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\bg-BG
2013-09-24 10:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ar-SA
2013-09-24 10:45 - 2010-10-05 23:59 - 00000000 ____D C:\Windows\system32\Drivers\el-GR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2013-09-24 10:45 - 2010-10-04 00:30 - 00000000 ____D C:\Windows\system32\Drivers\hu-HU
2013-09-24 10:45 - 2010-10-04 00:29 - 00000000 ____D C:\Windows\system32\Drivers\pt-PT
2013-09-24 10:45 - 2010-10-04 00:28 - 00000000 ____D C:\Windows\system32\Drivers\nl-NL
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\sv-SE
2013-09-24 10:45 - 2010-10-04 00:27 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA
2013-09-24 10:45 - 2010-10-04 00:26 - 00000000 ____D C:\Windows\system32\Drivers\pl-PL
2013-09-24 10:45 - 2010-10-04 00:24 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2013-09-24 10:45 - 2010-10-03 03:23 - 00000000 ____D C:\Windows\system32\Drivers\ru-RU
2013-09-24 10:45 - 2010-10-03 03:12 - 00000000 ____D C:\Windows\system32\Drivers\zh-CN
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\zh-TW
2013-09-24 10:45 - 2010-10-02 10:43 - 00000000 ____D C:\Windows\system32\Drivers\it-IT
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\ko-KR
2013-09-24 10:45 - 2010-10-02 10:42 - 00000000 ____D C:\Windows\system32\Drivers\fr-FR
2013-09-24 10:45 - 2010-10-02 10:40 - 00000000 ____D C:\Windows\system32\Drivers\fi-FI
2013-09-24 10:45 - 2010-10-02 08:05 - 00000000 ____D C:\Windows\system32\Drivers\nb-NO
2013-09-24 10:45 - 2010-05-30 02:34 - 00000000 ____D C:\Windows\system32\Drivers\ja-JP
2013-09-24 10:45 - 2010-05-30 02:30 - 00000000 ____D C:\Windows\system32\Drivers\he-IL
2013-09-24 10:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-24 10:45 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-24 10:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-24 10:44 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-24 10:40 - 2013-09-14 18:15 - 00017592 _____ C:\Windows\PFRO.log
2013-09-24 10:40 - 2011-11-09 01:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-24 03:45 - 2012-01-06 12:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-24 02:55 - 2009-07-14 04:04 - 00000502 _____ C:\Windows\win.ini
2013-09-24 02:53 - 2013-09-24 02:50 - 00000000 ____D C:\Windows\system32\MRT
2013-09-24 02:47 - 2013-09-24 01:54 - 00048389 _____ C:\Windows\IE10_main.log
2013-09-24 02:02 - 2013-09-24 02:02 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-24 02:02 - 2013-09-24 02:02 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-24 02:02 - 2013-09-24 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-24 02:02 - 2013-09-24 02:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-24 02:02 - 2013-09-24 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-24 02:02 - 2013-09-24 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-24 02:02 - 2013-09-24 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-24 02:02 - 2013-09-24 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-24 02:01 - 2013-09-24 02:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-24 01:59 - 2013-09-24 01:59 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-24 01:59 - 2013-09-24 01:59 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-24 01:57 - 2013-09-24 01:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-23 19:27 - 2010-08-07 11:56 - 00000000 ___RD C:\Users\Felix\Desktop\Felix
2013-09-23 17:46 - 2011-09-10 13:54 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2013-09-23 17:22 - 2013-09-23 17:22 - 00019137 _____ C:\ComboFix.txt
2013-09-23 17:22 - 2013-09-23 16:49 - 00000000 ____D C:\ComboFix
2013-09-23 17:22 - 2013-09-23 16:48 - 00000000 ____D C:\Qoobox
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-23 17:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-23 17:20 - 2011-05-12 20:50 - 00000000 ____D C:\Windows\ERDNT
2013-09-23 17:08 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 17:07 - 2009-07-14 04:03 - 99090432 _____ C:\Windows\system32\config\software.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 19660800 _____ C:\Windows\system32\config\system.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00069632 _____ C:\Windows\system32\config\sam.bak
2013-09-23 17:07 - 2009-07-14 04:03 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-23 16:39 - 2013-09-23 16:37 - 05129279 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2013-09-23 16:31 - 2013-09-23 16:31 - 00013418 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2013-09-23 16:24 - 2013-09-23 16:23 - 00000000 ____D C:\AdwCleaner
2013-09-23 16:24 - 2010-05-30 10:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-23 16:22 - 2013-09-23 16:22 - 01042066 _____ C:\Users\Felix\Desktop\adwcleaner.exe
2013-09-23 15:44 - 2013-09-23 15:44 - 00004632 _____ C:\Users\Felix\Desktop\Gmer.txt
2013-09-23 02:33 - 2013-09-23 02:33 - 00103680 _____ (GMER) C:\pwloypow.sys
2013-09-23 02:16 - 2013-09-23 02:16 - 00377856 _____ C:\Users\Felix\Desktop\gmer_2.1.19163.exe
2013-09-23 02:05 - 2013-09-23 02:04 - 00000524 _____ C:\Users\Felix\Desktop\defogger_disable.log
2013-09-23 02:03 - 2013-09-23 02:03 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2013-09-22 18:27 - 2012-02-23 20:45 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-22 18:27 - 2009-07-22 23:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 18:26 - 2010-08-26 00:58 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-09-22 18:15 - 2010-08-26 00:58 - 00000000 ____D C:\ProgramData\TrackMania
2013-09-22 12:31 - 2012-04-03 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-22 12:31 - 2011-06-10 23:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 01:16 - 2013-09-22 01:16 - 00001930 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-09-22 00:43 - 2013-09-22 00:43 - 00023654 _____ C:\Windows\system32\hs_err_pid896.log
2013-09-20 13:04 - 2012-08-06 04:45 - 00000000 ____D C:\Program Files\Warkeys
2013-09-19 12:50 - 2013-04-12 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 09:39 - 2011-05-07 02:25 - 00001288 _____ C:\Users\Felix\Desktop\Opera.lnk
2013-09-19 09:12 - 2010-03-27 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 19:40 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 20:41 - 2013-09-12 20:41 - 00151792 _____ C:\Windows\Minidump\091213-17721-01.dmp
2013-09-12 20:41 - 2010-10-21 23:49 - 00000000 ____D C:\Windows\Minidump
2013-09-12 20:40 - 2013-09-12 20:40 - 490483348 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:04 - 2012-05-14 17:28 - 00000000 ____D C:\Program Files\Diablo III
2013-09-03 17:39 - 2013-01-27 13:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-03 17:39 - 2010-05-30 08:26 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 00:29 - 2013-09-02 00:29 - 00000214 _____ C:\Users\Felix\Desktop\Bloodline Champions.url
2013-09-01 16:57 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-31 17:43 - 2013-08-31 17:43 - 00023822 _____ C:\Windows\system32\hs_err_pid1544.log
2013-08-28 23:59 - 2012-12-09 00:14 - 00000458 __RSH C:\ProgramData\ntuser.pol
2013-08-28 15:23 - 2013-05-20 12:50 - 00000000 ____D C:\Program Files\Cisco
2013-08-28 15:23 - 2013-05-20 12:46 - 00000000 ____D C:\ProgramData\Cisco
2013-08-26 18:49 - 2013-08-26 18:33 - 00000196 _____ C:\Windows\SIERRA.INI
2013-08-26 18:41 - 2008-05-05 21:17 - 00000000 ____D C:\Spiele
2013-08-26 18:40 - 2010-08-30 02:18 - 00021840 ____T C:\Windows\system32\SIntfNT.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00017212 ____T C:\Windows\system32\SIntf32.dll
2013-08-26 18:40 - 2010-08-30 02:18 - 00012067 ____T C:\Windows\system32\SIntf16.dll
2013-08-26 18:33 - 2010-05-30 10:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-21 12:55

==================== End Of Log ============================

Gruß Felix

aharonov · 24.09.2013, 15:55

Hallo Felix,

wie läuft der Rechner jetzt? Was für Probleme bemerkst du noch?

Lazy_Leroy · 24.09.2013, 16:07

Hallo Leo,

das Problem mit dem Springen auf den Desktop scheint wieder verschwunden zu sein. Außerdem läuft der Rechner allgemein wieder schneller. Probleme bemerke ich jetzt keine mehr. Gibt's noch was zu tun?

Gruß Felix

24.09.2013, 15:55	#14
aharonov /// TB-Ausbilder	Windows 7: PC springt alle paar Minuten auf den Desktop Hallo Felix, wie läuft der Rechner jetzt? Was für Probleme bemerkst du noch? __________________ cheers, Leo

Windows 7: PC springt alle paar Minuten auf den Desktop

Log-Analyse und Auswertung: Windows 7: PC springt alle paar Minuten auf den Desktop