
Log analysis and evaluation: Antivirus scanners can no longer be installed after a virus infection

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.04.2014, 13:31   #16
seeufirst
 



It's a bit annoying when you don't always have access to the computer, but what can you do :-)
Here is mbam.txt
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.04.2014
Suchlauf-Zeit: 13:59:06
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.07.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: USERNAME

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 460440
Verstrichene Zeit: 15 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Here is AdwCleaner.txt
AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 07/04/2014 um 14:03:09
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : USERNAME - 53MPRM1
# Gestartet von : C:\Users\USERNAME\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


*************************

AdwCleaner[R0].txt - [1025 octets] - [07/04/2014 14:02:07]
AdwCleaner[S0].txt - [944 octets] - [07/04/2014 14:03:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1003 octets] ##########
         
--- --- ---

JRT.txt:
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by USERNAME on 07.04.2014 at 14:06:18,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.04.2014 at 14:13:21,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

and finally FRST.txt:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by USERNAME (administrator) on 53MPRM1 on 07-04-2014 14:14:05
Running from C:\Users\USERNAME\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fortiwf.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\system32\DKabcoms.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Logitech, Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(DATEV eG) C:\Program Files (x86)\DATEV-SiPa-compact\DVcServ.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [391024 2010-05-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-14] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-30] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-15] (Broadcom Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [95336 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DellBtrEvent] - D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe [147456 2009-08-25] (DeviceVM, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [413827 2009-07-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DVCServ] - C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-04] (Google Inc.)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Policies\Explorer: [NoWelcomeScreen] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.desys.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
SearchScopes: HKCU - 6693714A29DE47698E55CCD7CB90FA57 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2B7DE831-E220-4771-8EBB-AE6659121CA3} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll (DATEV eG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://vm-spenge.desys.bi:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setup.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://194.180.32.6:4343/officescan/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: HKLM-x32 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.180.32.186 194.180.32.187

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [89600 2010-01-14] (Andrea Electronics Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515872 2009-12-10] (Dell Inc.)
R2 dkab_device; C:\Windows\system32\DKabcoms.exe [1055040 2010-08-03] ( )
R2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [603456 2010-08-03] ( )
R2 DvmMDES; D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe [327680 2009-08-03] (DeviceVM, Inc.)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2014-03-04] (Fortinet Inc.)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe [244736 2010-01-14] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4521472 2009-11-30] (Dell Inc.)
S2 ntrtscan; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe" [X]
S2 tmlisten; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 DVMIO; D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys [17496 2009-07-21] (DeviceVM, Inc.)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2014-03-04] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2014-03-04] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2014-03-04] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2013-09-18] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2014-03-04] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2014-03-04] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [133856 2014-03-04] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2014-03-04] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2014-03-04] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28384 2014-03-04] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2009-10-08] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [104576 2009-10-08] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 mdareDriver_43; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [90848 2014-04-01] (Fortinet Inc.)
R3 mdareDriver_47; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [91872 2014-04-05] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
S1 A2DDA; \??\F:\EEK\RUN\a2ddax64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\F:\EEK\Run\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 14:14 - 2014-04-07 14:14 - 00013500 _____ () C:\Users\USERNAME\Desktop\FRST.txt
2014-04-07 14:13 - 2014-04-07 14:13 - 00000761 _____ () C:\Users\USERNAME\Desktop\JRT.txt
2014-04-07 14:06 - 2014-04-07 14:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 14:01 - 2014-04-07 14:03 - 00000000 ____D () C:\AdwCleaner
2014-04-07 13:39 - 2014-04-07 14:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 13:38 - 2014-04-07 13:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-07 13:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 13:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 13:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 13:37 - 2014-04-07 09:06 - 01016261 _____ (Thisisu) C:\Users\USERNAME\Desktop\JRT.exe
2014-04-07 13:37 - 2014-04-07 09:05 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\USERNAME\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 13:37 - 2014-04-07 09:05 - 01426178 _____ () C:\Users\USERNAME\Desktop\adwcleaner.exe
2014-04-07 13:37 - 2014-03-25 15:40 - 02157056 _____ (Farbar) C:\Users\USERNAME\Desktop\FRST64.exe
2014-04-06 10:43 - 2014-04-06 10:43 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\Program Files\iTunes
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-06 10:41 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iPod
2014-04-06 10:36 - 2014-04-06 10:36 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-06 10:36 - 2014-04-06 10:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle-schrott
2014-04-03 14:17 - 2014-04-03 14:17 - 00029569 _____ () C:\ComboFix.txt
2014-04-03 13:51 - 2014-04-03 14:18 - 00000000 ____D () C:\Qoobox
2014-04-03 13:51 - 2014-04-03 14:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-03 13:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-03 13:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-03 13:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-03 13:17 - 2014-04-03 13:17 - 00000763 _____ () C:\Users\USERNAME\Desktop\KJS - Provision.lnk
2014-04-01 20:25 - 2014-04-01 20:25 - 00018233 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-04-01 17:05 - 2014-04-01 17:05 - 00002000 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-04-01 17:05 - 2014-04-01 17:05 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-04-01 17:05 - 2011-03-21 12:54 - 00016928 _____ (Fortinet Inc.) C:\Windows\system32\Drivers\ftvnic.sys
2014-04-01 16:47 - 2014-04-01 16:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-28 15:42 - 2014-03-24 08:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\USERNAME\Desktop\TDSSKiller.exe
2014-03-25 17:09 - 2014-03-25 17:09 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ____D () C:\Program Files (x86)\Fortinet
2014-03-25 16:19 - 2014-03-25 16:19 - 00000000 ____D () C:\ProgramData\Applications
2014-03-25 16:12 - 2014-04-07 14:14 - 00000000 ____D () C:\FRST
2014-03-25 15:57 - 2014-03-25 15:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 15:12 - 2014-03-25 15:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-24 18:29 - 2014-03-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 17:28 - 2014-03-24 18:08 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 15:21 - 2014-04-07 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 15:21 - 2014-03-24 15:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-22 01:49 - 2014-03-22 01:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 01:44 - 2014-03-22 01:49 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-13 22:32 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-13 22:32 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-13 22:30 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 22:30 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-13 22:30 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-13 22:29 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-13 22:29 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-13 22:29 - 2013-08-29 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2014-03-13 22:28 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-13 22:28 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-13 22:28 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-13 22:28 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-13 22:27 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:26 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-13 22:26 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-13 22:25 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-13 22:25 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-13 22:25 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-13 22:25 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-13 22:25 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-13 22:25 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-13 22:25 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-13 22:25 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-13 22:25 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-13 22:25 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-13 22:25 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-13 22:25 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-13 22:25 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-13 22:25 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-13 22:25 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-13 22:25 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-13 22:25 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-13 22:25 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-13 22:25 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-13 22:25 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-13 22:25 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-13 22:25 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-13 22:25 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-13 22:25 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-13 22:24 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-13 22:23 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-13 22:23 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-13 22:23 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-13 22:23 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-13 22:23 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-13 22:23 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-13 22:23 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-13 22:23 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-13 22:23 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-13 22:23 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-13 22:23 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-13 22:23 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-13 22:23 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-13 22:23 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-13 22:23 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-13 22:22 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-13 22:22 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-13 22:21 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-13 22:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-13 22:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-13 22:20 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 22:20 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 22:16 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-13 22:16 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-13 22:16 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-13 22:16 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-13 22:15 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 22:15 - 2014-02-23 10:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 22:15 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 22:15 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 22:15 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 22:15 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 22:14 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 22:14 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 22:14 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 22:14 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 22:14 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 22:14 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 22:14 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 22:14 - 2014-02-23 07:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-13 22:14 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-13 22:11 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:11 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:11 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-13 22:11 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-13 22:08 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 22:08 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 22:06 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-13 22:06 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-13 22:06 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-13 22:06 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-13 22:06 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-13 22:06 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-13 22:06 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-13 22:06 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-13 22:06 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-13 22:06 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-13 22:06 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-13 22:06 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-13 22:06 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-13 22:06 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-12 13:50 - 2014-03-25 17:17 - 00000021 _____ () C:\tmuninst.ini
2014-03-12 13:49 - 2014-03-25 16:11 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-12 13:48 - 2013-09-02 16:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-12 13:48 - 2013-08-29 18:30 - 00085376 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-03-12 13:47 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 13:47 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-12 13:47 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 13:47 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-08 22:16 - 2014-04-07 13:36 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 22:16 - 2014-04-07 13:36 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 22:16 - 2014-04-07 00:08 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\CrashDumps
2014-03-08 12:35 - 2014-04-07 14:04 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 12:35 - 2014-04-07 14:04 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178

==================== One Month Modified Files and Folders =======

2014-04-07 14:14 - 2014-04-07 14:14 - 00013500 _____ () C:\Users\USERNAME\Desktop\FRST.txt
2014-04-07 14:14 - 2014-03-25 16:12 - 00000000 ____D () C:\FRST
2014-04-07 14:13 - 2014-04-07 14:13 - 00000761 _____ () C:\Users\USERNAME\Desktop\JRT.txt
2014-04-07 14:11 - 2009-07-14 19:58 - 00684804 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 14:11 - 2009-07-14 19:58 - 00138868 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 14:11 - 2009-07-14 07:13 - 00820916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 14:11 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 14:11 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 14:06 - 2014-04-07 14:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 14:04 - 2014-04-07 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 14:04 - 2014-03-08 12:35 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-07 14:04 - 2014-03-08 12:35 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-07 14:04 - 2010-08-04 02:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 14:04 - 2010-07-05 12:11 - 00000216 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-07 14:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 14:04 - 2009-07-14 06:51 - 00166608 _____ () C:\Windows\setupact.log
2014-04-07 14:03 - 2014-04-07 14:01 - 00000000 ____D () C:\AdwCleaner
2014-04-07 14:03 - 2009-07-14 07:10 - 01545951 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 13:47 - 2010-08-04 02:17 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 13:43 - 2014-04-07 13:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-07 13:41 - 2012-06-19 11:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 13:38 - 2014-03-24 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 13:36 - 2014-03-08 22:16 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-07 13:36 - 2014-03-08 22:16 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-07 09:06 - 2014-04-07 13:37 - 01016261 _____ (Thisisu) C:\Users\USERNAME\Desktop\JRT.exe
2014-04-07 09:05 - 2014-04-07 13:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\USERNAME\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 09:05 - 2014-04-07 13:37 - 01426178 _____ () C:\Users\USERNAME\Desktop\adwcleaner.exe
2014-04-07 01:24 - 2010-08-02 17:30 - 00000000 ____D () C:\tmp
2014-04-07 00:08 - 2014-03-08 22:16 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\CrashDumps
2014-04-07 00:05 - 2012-02-25 22:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86D6011B-9BE5-46DC-AFC0-83B9CAF77E4D}
2014-04-06 11:35 - 2011-01-31 11:28 - 00000000 ____D () C:\9-BT
2014-04-06 10:43 - 2014-04-06 10:43 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iTunes
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-06 10:41 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iPod
2014-04-06 10:38 - 2010-07-05 13:03 - 00000000 ____D () C:\ProgramData\Apple
2014-04-06 10:36 - 2014-04-06 10:36 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-06 10:36 - 2014-04-06 10:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-06 09:58 - 2010-06-25 14:53 - 00148382 _____ () C:\Windows\PFRO.log
2014-04-05 23:03 - 2010-06-11 17:49 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle-schrott
2014-04-05 18:00 - 2013-05-17 14:53 - 00000000 ____D () C:\Users\fleuter
2014-04-05 17:44 - 2013-11-19 14:27 - 00000000 ____D () C:\PRIVAT
2014-04-03 14:18 - 2014-04-03 13:51 - 00000000 ____D () C:\Qoobox
2014-04-03 14:17 - 2014-04-03 14:17 - 00029569 _____ () C:\ComboFix.txt
2014-04-03 14:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-03 14:14 - 2014-04-03 13:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-03 14:03 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-03 14:01 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\software.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\system.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-04-03 13:58 - 2010-07-14 15:32 - 00000000 ____D () C:\Users\USERNAME
2014-04-03 13:17 - 2014-04-03 13:17 - 00000763 _____ () C:\Users\USERNAME\Desktop\KJS - Provision.lnk
2014-04-03 09:51 - 2014-04-07 13:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 13:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 13:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:47 - 2013-05-18 19:44 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\Paint.NET
2014-04-02 14:33 - 2013-11-21 21:00 - 00000376 _____ () C:\Users\USERNAME\Desktop\Privatkunden - Sparkasse Bielefeld.url
2014-04-01 20:25 - 2014-04-01 20:25 - 00018233 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-04-01 20:25 - 2012-07-31 13:22 - 00000000 ____D () C:\Users\USERNAME\.gimp-2.8
2014-04-01 17:05 - 2014-04-01 17:05 - 00002000 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-04-01 17:05 - 2014-04-01 17:05 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-04-01 16:47 - 2014-04-01 16:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-01 16:40 - 2010-08-04 02:17 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\Google
2014-03-31 13:42 - 2010-08-04 02:17 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 13:42 - 2010-08-04 02:17 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 12:44 - 2009-07-14 06:45 - 00562416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-25 17:17 - 2014-03-12 13:50 - 00000021 _____ () C:\tmuninst.ini
2014-03-25 17:17 - 2010-07-05 13:44 - 00001145 _____ () C:\WebInstall.log
2014-03-25 17:09 - 2014-03-25 17:09 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ____D () C:\Program Files (x86)\Fortinet
2014-03-25 16:19 - 2014-03-25 16:19 - 00000000 ____D () C:\ProgramData\Applications
2014-03-25 16:11 - 2014-03-12 13:49 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-25 16:11 - 2010-07-06 09:07 - 00122634 _____ () C:\Windows\system32\TmInstall.log
2014-03-25 16:03 - 2012-02-25 20:53 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-25 15:57 - 2014-03-25 15:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 15:40 - 2014-04-07 13:37 - 02157056 _____ (Farbar) C:\Users\USERNAME\Desktop\FRST64.exe
2014-03-25 15:12 - 2014-03-25 15:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-25 15:11 - 2011-10-12 16:38 - 00000000 ____D () C:\Program Files (x86)\DATEV-SiPa-compact
2014-03-25 14:26 - 2011-12-10 19:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\.oit
2014-03-24 20:21 - 2010-07-05 13:27 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-24 18:39 - 2014-03-24 18:29 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 18:32 - 2010-07-14 15:27 - 00000000 ____D () C:\Program Files\SetPoint
2014-03-24 18:08 - 2014-03-24 17:28 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 15:21 - 2014-03-24 15:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-24 12:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 08:30 - 2014-03-28 15:42 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\USERNAME\Desktop\TDSSKiller.exe
2014-03-22 01:49 - 2014-03-22 01:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 01:49 - 2014-03-22 01:44 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-21 19:51 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-21 19:26 - 2011-06-16 12:00 - 00004721 _____ () C:\Windows\TMFilter.log
2014-03-21 13:22 - 2010-07-05 13:56 - 00009056 _____ () C:\Windows\cfgall.ini
2014-03-15 00:02 - 2013-08-01 13:43 - 00002000 ____H () C:\Users\USERNAME\Documents\Default.rdp
2014-03-14 14:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-14 13:38 - 2012-09-27 17:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 13:38 - 2012-09-27 17:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 22:32 - 2010-07-05 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\Virtual Machines
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-12 15:11 - 2012-11-05 19:31 - 00000000 ____D () C:\ProgramData\04D6E31BEABFED84000004D6DE4FF870
2014-03-12 14:41 - 2012-06-19 11:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:41 - 2012-04-08 13:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 14:41 - 2011-05-17 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\USERNAME\SUPERsetup.exe


Some content of TEMP:
====================
C:\Users\USERNAME\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-03-30 01:06

==================== End Of Log ============================
         

08.04.2014, 09:18   #17
schrauber
/// the machine
/// TB instructor

Antivirus scanners can no longer be installed after a virus infection

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?

08.04.2014, 15:11   #18
seeufirst

Antivirus scanners can no longer be installed after a virus infection

Hello Schrauber,
here is the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4bf71cb5bd314449868c1e0e843afcb1
# engine=17796
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-08 01:36:56
# local_time=2014-04-08 03:36:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 9307 148594066 0 0
# scanned=226251
# found=0
# cleaned=0
# scan_time=7210
         
Here is the checkup log from Security Check:
Code:
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
FortiClient AntiVirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 26  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and the FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by USERNAME (administrator) on 53MPRM1 on 08-04-2014 15:41:35
Running from C:\Users\USERNAME\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\system32\DKabcoms.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Logitech, Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(DATEV eG) C:\Program Files (x86)\DATEV-SiPa-compact\DVcServ.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [391024 2010-05-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-14] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-30] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-15] (Broadcom Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [95336 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DellBtrEvent] - D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe [147456 2009-08-25] (DeviceVM, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [413827 2009-07-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DVCServ] - C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-04] (Google Inc.)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Policies\Explorer: [NoWelcomeScreen] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.desys.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
SearchScopes: HKCU - 6693714A29DE47698E55CCD7CB90FA57 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2B7DE831-E220-4771-8EBB-AE6659121CA3} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll (DATEV eG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://vm-spenge.desys.bi:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setup.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://194.180.32.6:4343/officescan/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: HKLM-x32 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.180.32.186 194.180.32.187

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [89600 2010-01-14] (Andrea Electronics Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515872 2009-12-10] (Dell Inc.)
R2 dkab_device; C:\Windows\system32\DKabcoms.exe [1055040 2010-08-03] ( )
R2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [603456 2010-08-03] ( )
R2 DvmMDES; D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe [327680 2009-08-03] (DeviceVM, Inc.)
S2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2014-03-04] (Fortinet Inc.)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe [244736 2010-01-14] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4521472 2009-11-30] (Dell Inc.)
S2 ntrtscan; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe" [X]
S2 tmlisten; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 DVMIO; D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys [17496 2009-07-21] (DeviceVM, Inc.)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2014-03-04] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2014-03-04] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2014-03-04] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2013-09-18] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2014-03-04] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2014-03-04] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [133856 2014-03-04] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2014-03-04] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2014-03-04] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28384 2014-03-04] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2009-10-08] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [104576 2009-10-08] (KOBIL Systems GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
S3 mdareDriver_43; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [90848 2014-04-01] (Fortinet Inc.)
S3 mdareDriver_47; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [91872 2014-04-05] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
S1 A2DDA; \??\F:\EEK\RUN\a2ddax64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\F:\EEK\Run\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 15:41 - 2014-04-08 15:41 - 00012844 _____ () C:\Users\USERNAME\Desktop\FRST.txt
2014-04-08 15:34 - 2014-04-08 13:14 - 00987448 _____ () C:\Users\USERNAME\Desktop\SecurityCheck.exe
2014-04-08 15:34 - 2014-03-25 15:40 - 02157056 _____ (Farbar) C:\Users\USERNAME\Desktop\FRST64.exe
2014-04-08 13:33 - 2014-04-08 13:34 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-04-08 13:33 - 2014-04-08 13:33 - 00000949 _____ () C:\Users\USERNAME\Desktop\WizTree.lnk
2014-04-07 14:53 - 2014-04-07 14:53 - 00000000 ___HD () C:\Users\USERNAME\AppData\Local\dvmexp
2014-04-07 14:13 - 2014-04-07 14:13 - 00000761 _____ () C:\Users\USERNAME\Desktop\JRT.txt
2014-04-07 14:06 - 2014-04-07 14:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 13:39 - 2014-04-07 14:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 10:43 - 2014-04-06 10:43 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\Program Files\iTunes
2014-04-06 10:41 - 2014-04-06 10:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-06 10:41 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iPod
2014-04-06 10:36 - 2014-04-06 10:36 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-06 10:36 - 2014-04-06 10:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle-schrott
2014-04-03 13:51 - 2014-04-03 14:18 - 00000000 ____D () C:\Qoobox
2014-04-03 13:51 - 2014-04-03 14:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-03 13:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-03 13:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-03 13:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-03 13:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-03 13:17 - 2014-04-03 13:17 - 00000763 _____ () C:\Users\USERNAME\Desktop\KJS - Provision.lnk
2014-04-01 20:25 - 2014-04-01 20:25 - 00018233 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-04-01 17:05 - 2014-04-01 17:05 - 00002000 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-04-01 17:05 - 2014-04-01 17:05 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-04-01 17:05 - 2011-03-21 12:54 - 00016928 _____ (Fortinet Inc.) C:\Windows\system32\Drivers\ftvnic.sys
2014-03-25 17:09 - 2014-03-25 17:09 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ____D () C:\Program Files (x86)\Fortinet
2014-03-25 16:19 - 2014-03-25 16:19 - 00000000 ____D () C:\ProgramData\Applications
2014-03-25 16:12 - 2014-04-08 15:41 - 00000000 ____D () C:\FRST
2014-03-25 15:57 - 2014-03-25 15:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 15:12 - 2014-03-25 15:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-24 18:29 - 2014-03-24 18:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 17:28 - 2014-03-24 18:08 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 15:21 - 2014-04-07 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 15:21 - 2014-03-24 15:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-22 01:49 - 2014-03-22 01:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 01:44 - 2014-03-22 01:49 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-13 22:32 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-13 22:32 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-13 22:30 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 22:30 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-13 22:30 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-13 22:29 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-13 22:29 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-13 22:29 - 2013-08-29 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2014-03-13 22:28 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-13 22:28 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-13 22:28 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-13 22:28 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-13 22:27 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:26 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-13 22:26 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-13 22:25 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-13 22:25 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-13 22:25 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-13 22:25 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-13 22:25 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-13 22:25 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-13 22:25 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-13 22:25 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-13 22:25 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-13 22:25 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-13 22:25 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-13 22:25 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-13 22:25 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-13 22:25 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-13 22:25 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-13 22:25 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-13 22:25 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-13 22:25 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-13 22:25 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-13 22:25 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-13 22:25 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-13 22:25 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-13 22:25 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-13 22:25 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-13 22:24 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-13 22:24 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-13 22:23 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-13 22:23 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-13 22:23 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-13 22:23 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-13 22:23 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-13 22:23 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-13 22:23 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-13 22:23 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-13 22:23 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-13 22:23 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-13 22:23 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-13 22:23 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-13 22:23 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-13 22:23 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 22:23 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-13 22:23 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-13 22:23 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-13 22:23 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-13 22:23 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-13 22:22 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-13 22:22 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-13 22:21 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-13 22:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-13 22:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-13 22:20 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 22:20 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 22:16 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-13 22:16 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-13 22:16 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-13 22:16 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-13 22:15 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 22:15 - 2014-02-23 10:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 22:15 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 22:15 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 22:15 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 22:15 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 22:14 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 22:14 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 22:14 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 22:14 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 22:14 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 22:14 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 22:14 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 22:14 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 22:14 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 22:14 - 2014-02-23 07:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-13 22:14 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-13 22:11 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:11 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:11 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-13 22:11 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-13 22:08 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 22:08 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 22:06 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-13 22:06 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-13 22:06 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-13 22:06 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-13 22:06 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-13 22:06 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-13 22:06 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-13 22:06 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-13 22:06 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-13 22:06 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-13 22:06 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-13 22:06 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-13 22:06 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-13 22:06 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-12 13:50 - 2014-03-25 17:17 - 00000021 _____ () C:\tmuninst.ini
2014-03-12 13:49 - 2014-03-25 16:11 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-12 13:48 - 2013-09-02 16:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-12 13:48 - 2013-08-29 18:30 - 00085376 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-03-12 13:47 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 13:47 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-12 13:47 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 13:47 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2014-04-08 15:41 - 2014-04-08 15:41 - 00012844 _____ () C:\Users\USERNAME\Desktop\FRST.txt
2014-04-08 15:41 - 2014-03-25 16:12 - 00000000 ____D () C:\FRST
2014-04-08 15:41 - 2012-06-19 11:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 14:47 - 2010-08-04 02:17 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 14:10 - 2010-07-05 12:11 - 00000216 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-08 14:03 - 2010-08-02 17:30 - 00000000 ____D () C:\tmp
2014-04-08 13:47 - 2010-08-04 02:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 13:34 - 2014-04-08 13:33 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-04-08 13:33 - 2014-04-08 13:33 - 00000949 _____ () C:\Users\USERNAME\Desktop\WizTree.lnk
2014-04-08 13:14 - 2014-04-08 15:34 - 00987448 _____ () C:\Users\USERNAME\Desktop\SecurityCheck.exe
2014-04-08 13:04 - 2009-07-14 07:10 - 01565323 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 12:36 - 2012-02-25 22:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86D6011B-9BE5-46DC-AFC0-83B9CAF77E4D}
2014-04-08 12:34 - 2009-07-14 19:58 - 00684804 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 12:34 - 2009-07-14 19:58 - 00138868 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 12:34 - 2009-07-14 07:13 - 00820916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 12:34 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 12:34 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 12:30 - 2014-03-08 22:16 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\CrashDumps
2014-04-08 12:27 - 2014-03-08 12:35 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-08 12:27 - 2014-03-08 12:35 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-08 12:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 12:27 - 2009-07-14 06:51 - 00166664 _____ () C:\Windows\setupact.log
2014-04-07 14:53 - 2014-04-07 14:53 - 00000000 ___HD () C:\Users\USERNAME\AppData\Local\dvmexp
2014-04-07 14:13 - 2014-04-07 14:13 - 00000761 _____ () C:\Users\USERNAME\Desktop\JRT.txt
2014-04-07 14:06 - 2014-04-07 14:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 14:04 - 2014-04-07 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 13:38 - 2014-03-24 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 13:36 - 2014-03-08 22:16 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-07 13:36 - 2014-03-08 22:16 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-04-06 11:35 - 2011-01-31 11:28 - 00000000 ____D () C:\9-BT
2014-04-06 10:43 - 2014-04-06 10:43 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iTunes
2014-04-06 10:43 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-06 10:41 - 2014-04-06 10:41 - 00000000 ____D () C:\Program Files\iPod
2014-04-06 10:38 - 2010-07-05 13:03 - 00000000 ____D () C:\ProgramData\Apple
2014-04-06 10:36 - 2014-04-06 10:36 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-06 10:36 - 2014-04-06 10:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-06 09:58 - 2010-06-25 14:53 - 00148382 _____ () C:\Windows\PFRO.log
2014-04-05 23:03 - 2010-06-11 17:49 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle-schrott
2014-04-05 18:00 - 2013-05-17 14:53 - 00000000 ____D () C:\Users\fleuter
2014-04-05 17:44 - 2013-11-19 14:27 - 00000000 ____D () C:\PRIVAT
2014-04-03 14:18 - 2014-04-03 13:51 - 00000000 ____D () C:\Qoobox
2014-04-03 14:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-03 14:14 - 2014-04-03 13:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-03 14:03 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-03 14:01 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\software.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\system.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-04-03 14:01 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-04-03 13:58 - 2010-07-14 15:32 - 00000000 ____D () C:\Users\USERNAME
2014-04-03 13:17 - 2014-04-03 13:17 - 00000763 _____ () C:\Users\USERNAME\Desktop\KJS - Provision.lnk
2014-04-02 19:47 - 2013-05-18 19:44 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\Paint.NET
2014-04-02 14:33 - 2013-11-21 21:00 - 00000376 _____ () C:\Users\USERNAME\Desktop\Privatkunden - Sparkasse Bielefeld.url
2014-04-01 20:25 - 2014-04-01 20:25 - 00018233 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-04-01 20:25 - 2012-07-31 13:22 - 00000000 ____D () C:\Users\USERNAME\.gimp-2.8
2014-04-01 17:05 - 2014-04-01 17:05 - 00002000 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-04-01 17:05 - 2014-04-01 17:05 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-04-01 16:40 - 2010-08-04 02:17 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\Google
2014-03-31 13:42 - 2010-08-04 02:17 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 13:42 - 2010-08-04 02:17 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 12:44 - 2009-07-14 06:45 - 00562416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-25 17:17 - 2014-03-12 13:50 - 00000021 _____ () C:\tmuninst.ini
2014-03-25 17:17 - 2010-07-05 13:44 - 00001145 _____ () C:\WebInstall.log
2014-03-25 17:09 - 2014-03-25 17:09 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ____D () C:\Program Files (x86)\Fortinet
2014-03-25 16:19 - 2014-03-25 16:19 - 00000000 ____D () C:\ProgramData\Applications
2014-03-25 16:11 - 2014-03-12 13:49 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-25 16:11 - 2010-07-06 09:07 - 00122634 _____ () C:\Windows\system32\TmInstall.log
2014-03-25 16:03 - 2012-02-25 20:53 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-25 15:57 - 2014-03-25 15:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 15:40 - 2014-04-08 15:34 - 02157056 _____ (Farbar) C:\Users\USERNAME\Desktop\FRST64.exe
2014-03-25 15:12 - 2014-03-25 15:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-25 15:11 - 2011-10-12 16:38 - 00000000 ____D () C:\Program Files (x86)\DATEV-SiPa-compact
2014-03-25 14:26 - 2011-12-10 19:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\.oit
2014-03-24 20:21 - 2010-07-05 13:27 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-24 18:39 - 2014-03-24 18:29 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 18:32 - 2010-07-14 15:27 - 00000000 ____D () C:\Program Files\SetPoint
2014-03-24 18:08 - 2014-03-24 17:28 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 15:21 - 2014-03-24 15:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-24 12:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 01:49 - 2014-03-22 01:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 01:49 - 2014-03-22 01:44 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-21 19:51 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-21 19:26 - 2011-06-16 12:00 - 00004721 _____ () C:\Windows\TMFilter.log
2014-03-21 13:22 - 2010-07-05 13:56 - 00009056 _____ () C:\Windows\cfgall.ini
2014-03-15 00:02 - 2013-08-01 13:43 - 00002000 ____H () C:\Users\USERNAME\Documents\Default.rdp
2014-03-14 14:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-14 13:38 - 2012-09-27 17:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 13:38 - 2012-09-27 17:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 22:32 - 2010-07-05 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\Virtual Machines
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-12 19:20 - 2010-07-14 15:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-12 15:11 - 2012-11-05 19:31 - 00000000 ____D () C:\ProgramData\04D6E31BEABFED84000004D6DE4FF870
2014-03-12 14:41 - 2012-06-19 11:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:41 - 2012-04-08 13:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 14:41 - 2011-05-17 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\USERNAME\SUPERsetup.exe


Some content of TEMP:
====================
C:\Users\USERNAME\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-03-30 01:06

==================== End Of Log ============================
         
Hello Schrauber,
thanks again for your help. Problem? Nope.
It's my boss's computer; he does give me looks because I visit him every day, but I'm staying on the ball! ;-)
Besides, it feels good to finally be able to do something against the flood of malware and to clean the machine out thoroughly.

Regards
seeufirst

Hello Schrauber!

Before I forget: yes, the various programs will be updated soon ;-)
The PC is otherwise looked after by a colleague, who has apparently been pretty sloppy. I will probably take over the maintenance...

Regards
Seeufirst
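Added example (not part of the thread and not FRST's own code): a small Python parser for the log format posted above, which normalises the file rows and pulls out the lines that need attention. The timestamp swap in the "Modified" listing is inferred from C:\tmuninst.ini, which appears in both listings; treating rows before the first header as created-first and reading the parenthesised field as a vendor name are assumptions.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample: a handful of lines in the shape of the FRST log above.
SAMPLE_LOG = r"""
2014-03-12 13:50 - 2014-03-25 17:17 - 00000021 _____ () C:\tmuninst.ini
2014-03-12 13:48 - 2013-09-02 16:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys

==================== One Month Modified Files and Folders =======

2014-04-08 13:14 - 2014-04-08 15:34 - 00987448 _____ () C:\Users\USERNAME\Desktop\SecurityCheck.exe
2014-03-25 17:17 - 2014-03-12 13:50 - 00000021 _____ () C:\tmuninst.ini
2014-03-25 17:09 - 2014-03-25 17:09 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-03-30 01:06
"""

# "<timestamp> - <timestamp> - <size> <5 attribute flags> (<vendor>) <path>"
ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
HEADER = re.compile(r"^=+ (.+?) =+$")          # "===== Section name ====="
VERDICT = re.compile(r"^(.+?) => (.+)$")       # "<path> => MD5 is legit"
FLAGGED = re.compile(r"^(\w+): ==> (.+?) <=+ ATTENTION")


class Entry(NamedTuple):
    section: Optional[str]
    created: datetime
    modified: datetime
    size: int
    attrs: str
    vendor: str
    path: str


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def parse_frst(text):
    """Return (file entries, integrity verdicts, attention lines)."""
    section = None
    entries, verdicts, attention = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            first, second = _ts(m.group(1)), _ts(m.group(2))
            # In the "Modified" listing the two timestamps are swapped
            # (inferred from the page, see lead-in).
            if section and "Modified" in section:
                created, modified = second, first
            else:
                created, modified = first, second
            entries.append(Entry(section, created, modified, int(m.group(3)),
                                 m.group(4), m.group(5), m.group(6)))
            continue
        m = FLAGGED.match(line)
        if m:
            attention[m.group(1)] = m.group(2)
            continue
        m = VERDICT.match(line)
        if m and section and "Check" in section:
            verdicts[m.group(1)] = m.group(2)
    return entries, verdicts, attention


def triage(text):
    """Lines a helper has to react to: ATTENTION markers and failed checks."""
    _, verdicts, attention = parse_frst(text)
    findings = [f"{key}: {msg}" for key, msg in attention.items()]
    findings += [f"{path}: {verdict}" for path, verdict in verdicts.items()
                 if verdict != "MD5 is legit"]
    return findings


def review_candidates(text):
    """Binaries whose vendor field is empty. A prompt for review, not a verdict."""
    entries, _, _ = parse_frst(text)
    seen = []
    for e in entries:
        if not e.vendor and e.path.lower().endswith((".exe", ".dll", ".sys")):
            if e.path not in seen:
                seen.append(e.path)
    return seen


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(review_candidates(SAMPLE_LOG))
```

On the sample, the only triage finding is the testsigning line, which is the entry the fixlist in the next post addresses; the empty-vendor list contains a diagnostic tool from the desktop, which shows why that list needs a human look.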

09.04.2014, 13:30   #19
schrauber
/// the machine
/// TB-Ausbilder (TB trainer)

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
testsigning: on
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.

If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.

Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

09.04.2014, 15:50   #20
seeufirst

Hello Schrauber,
here is the requested log file:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by heubaum at 2014-04-09 16:13:43 Run:1
Running from C:\Users\USERNAME\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
testsigning: on
*****************


Der Vorgang wurde erfolgreich beendet.

==== End of Fixlog ====
         
Hello Schrauber,

thanks again for your help. I will still configure the PC accordingly. You can close the thread now.

Regards
seeufirst


10.04.2014, 11:52   #21
schrauber
/// the machine
/// TB-Ausbilder (TB trainer)

You're welcome
